Malware on the system: lktoday.ru redirects the browser to 'horux – Antivirus, Forex, Insurance horux.cz'




Hello, I need your expert help. I have been noticing suspicious activity on my personal laptop for some time. The Google Chrome browser launches at random, initially pointed at lktoday.ru, and is immediately redirected to 'horux – Antivirus, Forex, Insurance horux.cz'. I don't know how the nasty thing got in; I use the free version of Avira, which evidently isn't doing a good job. Please also recommend a good free antivirus, if there is one. I am attaching the files.

Thank you in advance.

FRST.txt Addition.txt


Hello,

You have a malicious scheduled task and some other leftovers. We'll fix it:

Task: {BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "http://lktoday.ru" <==== ATTENTION

From what I can see, this entry came from a shoddy activator:

2021-03-21 19:14 - 2021-03-23 07:40 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2021-03-21 19:14 - 2021-03-21 19:14 - 000003564 _____ C:\WINDOWS\system32\Tasks\SVC Update

Since my colleague joined the thread first, I'll leave it to him. You are in good hands! ;)

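The triage described in the reply above (a scheduled task that makes explorer.exe open a URL, and a folder created in the same minute as the task file) can be automated over FRST log lines. This is an added example, not part of any post in the thread or of FRST itself; the function names and the list of URL-opening programs are hypothetical, and it assumes the two line formats exactly as quoted in the thread, with the first timestamp being the creation time.

```python
import re
from datetime import datetime, timedelta

# Lines copied from the FRST excerpts quoted in the thread, plus one
# constructed benign task ("Example Updater") for contrast.
SAMPLE = r'''
Task: {BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "http://lktoday.ru" <==== ATTENTION
Task: {00000000-0000-0000-0000-000000000001} - System32\Tasks\Example Updater => C:\Program Files\Example\updater.exe /silent
2021-03-21 19:14 - 2021-03-23 07:40 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2021-03-21 19:14 - 2021-03-21 19:14 - 000003564 _____ C:\WINDOWS\system32\Tasks\SVC Update
2021-03-30 19:02 - 2021-03-30 19:02 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
'''

# "Task: {GUID} - <task path> => <command line> [<==== ATTENTION]"
TASK_RE = re.compile(
    r'^Task: (\{[0-9A-Fa-f-]{36}\}) - (.+?) => (.+?)(?:\s*<==== ATTENTION)?$')
# "<created> - <modified> - <size> <attributes> <path>"
FILE_RE = re.compile(
    r'^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2})'
    r' - (\d+) (\S{5}) (.+)$')
# Split a command line into the executable (paths may contain spaces) and its arguments.
CMD_RE = re.compile(r'^"?(.+?\.(?:exe|com|bat|cmd))"?(?:\s+(.*))?$', re.I)
URL_RE = re.compile(r'https?://[^\s"]+', re.I)

# Programs that open a URL given on the command line (illustrative list, an assumption).
URL_OPENERS = {"explorer.exe", "cmd.exe", "chrome.exe",
               "msedge.exe", "firefox.exe", "iexplore.exe"}


def parse_tasks(text):
    """Return one dict per 'Task:' line: guid, task path, executable, arguments."""
    tasks = []
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        guid, path, command = m.groups()
        c = CMD_RE.match(command)
        exe, args = (c.group(1), c.group(2) or "") if c else (command, "")
        tasks.append({"guid": guid, "path": path, "exe": exe, "args": args})
    return tasks


def parse_files(text):
    """Return one dict per file-listing line: created, modified, path."""
    fmt = "%Y-%m-%d %H:%M"
    files = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            files.append({"created": datetime.strptime(m.group(1), fmt),
                          "modified": datetime.strptime(m.group(2), fmt),
                          "path": m.group(5)})
    return files


def url_launching_tasks(tasks):
    """Tasks whose action is a URL-opening program with a URL in its arguments."""
    flagged = []
    for t in tasks:
        url = URL_RE.search(t["args"])
        exe_name = t["exe"].rsplit("\\", 1)[-1].lower()
        if url and exe_name in URL_OPENERS:
            flagged.append({**t, "url": url.group(0)})
    return flagged


def created_alongside(task, files, window=timedelta(minutes=1)):
    """Paths created within `window` of the task's own file in the listing."""
    suffix = "\\" + task["path"].lower()
    own = [f for f in files if f["path"].lower().endswith(suffix)]
    if not own:
        return []  # the task file is not in the listing, nothing to correlate
    born = own[0]["created"]
    return [f["path"] for f in files
            if f not in own and abs(f["created"] - born) <= window]


if __name__ == "__main__":
    files = parse_files(SAMPLE)
    for task in url_launching_tasks(parse_tasks(SAMPLE)):
        print(task["path"], "opens", task["url"])
        for path in created_alongside(task, files):
            print("  created in the same minute:", path)
```
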

Good evening..!

Fix with Farbar Recovery Scan Tool

  • Right-click the FRST icon and choose Run as administrator
  • Select the text in the box below, then press Ctrl + C to copy it
  • There is no need to paste the text; FRST will do that for you.
Start::

CreateRestorePoint:
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "http://lktoday.ru" <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2021-03-30 19:02 - 2021-03-30 19:02 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-03-30 18:50 - 2021-03-31 18:48 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-03-30 18:50 - 2021-03-30 18:50 - 013543384 _____ C:\Users\Pyrpyl_HP\Downloads\bitdefender_online.exe
2021-03-21 19:14 - 2021-03-21 19:14 - 000003564 _____ C:\WINDOWS\system32\Tasks\SVC Update
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{7652EDB3-B89D-4113-B7AA-7806DCE3A53D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [UDP Query User{1904FE72-C1A5-49F0-8403-69029849A519}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{E2A2AB63-96A0-4630-ACDA-8D257F7220FA}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [{72C84E7B-3DB8-4D20-879A-6F02C0D9C5EF}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D9AC8B6A-C812-46FD-A5A6-E37715386C82}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{9FE9C556-C4DF-4D0C-86B0-93CF5424C0A7}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{29268D37-D7AD-42CF-B071-83EB15DBDEDC}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [TCP Query User{923E4316-8E43-4DCC-80B3-EC55F7675F33}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{B9A69F59-D01C-4BF5-82B4-58852CED9CE2}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [{001AB9A9-C0F9-48FB-A766-7234F9987734}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{186A4DD3-1978-49B7-98A6-71CD8F197D63}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{B11E7256-F573-40C9-930C-842D8C28D774}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File

EmptyTemp:
End::

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

The following directories are emptied:

  • Windows Temp
  • Users Temp folders
  • Edge, IE, FF, Chrome and Opera caches, HTML5 storages, Cookies and History
  • Recently opened files cache
  • Flash Player cache
  • Java cache
  • Steam HTML cache
  • Explorer thumbnail and icon cache
  • BITS transfer queue (qmgr*.dat files)
  • Recycle Bin

Press the Fix button only once and wait.
Note: You do not need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
Please copy and paste its contents into your reply.


I ran the script - here is the log:

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (17-04-2021 20:55:15) Run:3
Running from C:\Users\Pyrpyl_HP\Desktop
Loaded Profiles: Pyrpyl_HP
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Restriction <==== ATTENTION
Task: {BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB} - System32\Tasks\SVC Update => C:\WINDOWS\explorer.exe "http://lktoday.ru" <==== ATTENTION
Edge Extension: (No Name) -> AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\AutoFormFill [not found]
Edge Extension: (No Name) -> BookReader_B171F20233094AC88D05A8EF7B9763E8 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\BookViewer [not found]
Edge Extension: (No Name) -> LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\LearningTools [not found]
Edge Extension: (No Name) -> PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\Assets\HostExtensions\PinJSAPI [not found]
2021-03-30 19:02 - 2021-03-30 19:02 - 000000000 ____D C:\Program Files\Bitdefender Antivirus Free
2021-03-30 18:50 - 2021-03-31 18:48 - 000000000 ____D C:\ProgramData\Bitdefender Agent
2021-03-30 18:50 - 2021-03-30 18:50 - 013543384 _____ C:\Users\Pyrpyl_HP\Downloads\bitdefender_online.exe
2021-03-21 19:14 - 2021-03-21 19:14 - 000003564 _____ C:\WINDOWS\system32\Tasks\SVC Update
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  -> No File
ContextMenuHandlers5: [Gadgets] -> {6B9228DA-9C15-419e-856C-19E768A13BDC} =>  -> No File
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -  No File
FirewallRules: [{7652EDB3-B89D-4113-B7AA-7806DCE3A53D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
FirewallRules: [UDP Query User{1904FE72-C1A5-49F0-8403-69029849A519}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [TCP Query User{E2A2AB63-96A0-4630-ACDA-8D257F7220FA}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [{72C84E7B-3DB8-4D20-879A-6F02C0D9C5EF}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{D9AC8B6A-C812-46FD-A5A6-E37715386C82}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{9FE9C556-C4DF-4D0C-86B0-93CF5424C0A7}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{29268D37-D7AD-42CF-B071-83EB15DBDEDC}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [TCP Query User{923E4316-8E43-4DCC-80B3-EC55F7675F33}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [UDP Query User{B9A69F59-D01C-4BF5-82B4-58852CED9CE2}G:\programs\skype\phone\skype.exe] => (Allow) G:\programs\skype\phone\skype.exe => No File
FirewallRules: [{001AB9A9-C0F9-48FB-A766-7234F9987734}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{186A4DD3-1978-49B7-98A6-71CD8F197D63}] => (Allow) C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe => No File
FirewallRules: [{B11E7256-F573-40C9-930C-842D8C28D774}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe => No File
EmptyTemp:

*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => removed successfully
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\ProgramData\NTUSER.pol => moved successfully
HKLM\SOFTWARE\Policies\Mozilla => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB}" => removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB0DE25A-DF93-48FA-BCA7-C755C2F66BFB}" => removed successfully
C:\WINDOWS\System32\Tasks\SVC Update => moved successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SVC Update" => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\AutoFormFill_5ED10D46BD7E47DEB1F3685D2C0FCE08 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\BookReader_B171F20233094AC88D05A8EF7B9763E8 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\LearningTools_7706F933-971C-41D1-9899-8A026EB5D824 => removed successfully
HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\Config\PinJSAPI_EC01B57063BE468FAB6DB7EBFC3BF368 => removed successfully
C:\Program Files\Bitdefender Antivirus Free => moved successfully
C:\ProgramData\Bitdefender Agent => moved successfully
C:\Users\Pyrpyl_HP\Downloads\bitdefender_online.exe => moved successfully
"C:\WINDOWS\system32\Tasks\SVC Update" => not found
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00asw => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\Gadgets => removed successfully
HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers\igfxcui => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\gopher => removed successfully
HKLM\Software\Classes\PROTOCOLS\Handler\skype4com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7652EDB3-B89D-4113-B7AA-7806DCE3A53D}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{1904FE72-C1A5-49F0-8403-69029849A519}G:\programs\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E2A2AB63-96A0-4630-ACDA-8D257F7220FA}G:\programs\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72C84E7B-3DB8-4D20-879A-6F02C0D9C5EF}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{D9AC8B6A-C812-46FD-A5A6-E37715386C82}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9FE9C556-C4DF-4D0C-86B0-93CF5424C0A7}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{29268D37-D7AD-42CF-B071-83EB15DBDEDC}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{923E4316-8E43-4DCC-80B3-EC55F7675F33}G:\programs\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{B9A69F59-D01C-4BF5-82B4-58852CED9CE2}G:\programs\skype\phone\skype.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{001AB9A9-C0F9-48FB-A766-7234F9987734}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{186A4DD3-1978-49B7-98A6-71CD8F197D63}" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{B11E7256-F573-40C9-930C-842D8C28D774}" => removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 11821056 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 47771746 B
Java, Flash, Steam htmlcache => 291 B
Windows/system/drivers => 47866514 B
Edge => 1082857 B
Chrome => 570235065 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 139316 B
NetworkService => 142198 B
Pyrpyl_HP => 45823930 B

RecycleBin => 1663764 B
EmptyTemp: => 692.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 20:55:58 ====

 

Any recommendations for changing the antivirus?

Thanks once again.

 

 


Thank you..! Are you still seeing the redirect..?

Download AdwCleaner from Malwarebytes to your desktop.

  • Right-click AdwCleaner.exe and choose Run as Administrator (for users of Windows Vista, 7, 8, 8.1 and 10)
  • Accept the EULA (I accept), then click Scan
  • Let the scan finish. Once it is done, make sure every item listed in the various tabs is checked and click the Quarantine button. This will kill all active processes
  • Once the cleaning process has finished, AdwCleaner will ask to restart your computer; do so
  • After the restart, a log will open when you sign in. Please copy and paste the contents of that log into your next reply

 

 

Download ESET Online Scanner and save it to your desktop.
  • Right-click esetonlinescanner_enu.exe and choose Run as Administrator.
  • When the tool opens, click Get Started.
  • Read and accept the license agreement.
  • In the Welcome to ESET Online Scanner window, click Get Started.
  • Choose whether you want to send anonymous data to ESET.
  • Note: If you see the "Welcome Back to ESET Online Scanner" screen, click Computer Scan > Full Scan.
  • Click the Full Scan option.
  • Select Enable ESET to detect and remove potentially unwanted applications, then click Start scan.
  • ESET will start scanning your computer. This may take some time.
  • When the scan has finished and if threats were found, select Save scan log. Save it to the desktop as eset.txt. Click Continue.
  • ESET Online Scanner may ask whether you want to turn on the periodic scan feature. Click Continue.
  • On the next screen you can leave feedback about the program if you wish. Tick the box for Delete application data on closing. If you leave feedback, click Submit and continue. If not, click Close without feedback.
  • Open the scan log from your desktop (eset.txt) and copy and paste its contents into your next reply.

 

 



The redirect was only seen rarely before as well, so for now it has not come back. I completed the first part with AdwCleaner, but it did not ask me to restart; I restarted manually, but no log opened after the restart. I found 2 logs in the root directory; I am uploading them one after the other:

 

1.

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start:    04-17-2021
# Duration: 00:00:03
# OS:       Windows 10 Pro
# Cleaned:  41
# Failed:   0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted       C:\Users\Pyrpyl_HP\AppData\LocalLow\.acestream
Deleted       C:\Users\Pyrpyl_HP\AppData\Roaming\.acestream
Deleted       C:\_acestream_cache_

***** [ Files ] *****

Deleted       C:\Users\Pyrpyl_HP\Downloads\TOTALAV_SETUP.EXE
Deleted       C:\Windows\Reimage.ini

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
Deleted       HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
Deleted       HKCU\Software\RegisteredApplications|AceStream
Deleted       HKCU\Software\Reimage
Deleted       HKCU\Software\csastats
Deleted       HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine
Deleted       HKLM\Software\Classes\REI_AxControl.ReiEngine.1
Deleted       HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
Deleted       HKLM\Software\Reimage
Deleted       HKLM\Software\Wow6432Node\SpeedBit
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
Deleted       HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
Deleted       HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
Deleted       HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

Deleted       Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D}
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.HPSupportAssistant   Folder   C:\Users\Pyrpyl_HP\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK
Deleted       Preinstalled.LenovoEasyCamera   Registry   HKLM\Software\Sunplus SPUVCb
Deleted       Preinstalled.LenovoEasyCamera   Registry   HKU\.DEFAULT\Software\Sunplus SPUVCb
Deleted       Preinstalled.LenovoEasyCamera   Registry   HKU\S-1-5-18\Software\Sunplus SPUVCb
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer_For_P2G8
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}
Deleted       Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage
Deleted       Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [5404 octets] - [17/04/2021 21:23:48]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########
 

 

2.

 

# -------------------------------
# Malwarebytes AdwCleaner 8.2.0.0
# -------------------------------
# Build:    03-22-2021
# Database: 2021-03-22.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start:    04-17-2021
# Duration: 00:00:30
# OS:       Windows 10 Pro
# Scanned:  31979
# Detected: 41


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy             C:\Users\Pyrpyl_HP\AppData\LocalLow\.acestream
PUP.Optional.Legacy             C:\Users\Pyrpyl_HP\AppData\Roaming\.acestream
PUP.Optional.Legacy             C:\_acestream_cache_

***** [ Files ] *****

PUP.Optional.Reimage            C:\Windows\Reimage.ini
PUP.Optional.TotalAV            C:\Users\Pyrpyl_HP\Downloads\TOTALAV_SETUP.EXE

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

PUP.Optional.AceStream          HKCU\Software\RegisteredApplications|AceStream
PUP.Optional.InstallCore        HKCU\Software\csastats
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ak.staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\staticimgfarm.com
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
PUP.Optional.Legacy             HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{D01A33E2-0A34-4659-82AA-8A90C51C0D21}
PUP.Optional.Legacy             HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\Software\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\SpeedBit
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\REI_AxControl.DLL
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
PUP.Optional.Legacy             HKLM\Software\Wow6432Node\\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
PUP.Optional.Reimage            HKCU\Software\Reimage
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine
PUP.Optional.Reimage            HKLM\Software\Classes\REI_AxControl.ReiEngine.1
PUP.Optional.Reimage            HKLM\Software\Reimage

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

Preinstalled.CyberLinkShellExtension   Registry   HKLM\Software\Classes\CLSID\{3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPMediaSmart   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{01FB4998-33C4-4431-85ED-079E3EEFE75D} 
Preinstalled.HPSupportAssistant   Folder   C:\Program Files (x86)\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\ProgramData\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.HPSupportAssistant   Folder   C:\Users\Pyrpyl_HP\AppData\Local\HEWLETT-PACKARD\HP SUPPORT FRAMEWORK 
Preinstalled.LenovoEasyCamera   Registry   HKLM\Software\Sunplus SPUVCb 
Preinstalled.LenovoEasyCamera   Registry   HKU\.DEFAULT\Software\Sunplus SPUVCb 
Preinstalled.LenovoEasyCamera   Registry   HKU\S-1-5-18\Software\Sunplus SPUVCb 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\CLMLServer_For_P2G8 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\CLVirtualDrive 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoPower2Go   Registry   HKLM\Software\Wow6432Node\\Microsoft\Windows\CurrentVersion\Uninstall\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2} 
Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Mirage 
Preinstalled.LenovoYouCam   Registry   HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\YouCam Tray 

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S00].txt ##########
 

 

Should I continue with ESET Online Scanner?

 

 

1 minute ago, pyrpyl wrote:

Should I continue with ESET Online Scanner?

Yes..! But I remind you again that this scan is slower..! Please be patient..!


Good morning.

The ESET Online Scanner log came out; looking at what it cleaned, my head started to hurt:

 

18.4.2021 г. 06:58:33 ч.
Сканирани файлове: 890487
Открити файлове: 86
Почистени файлове: 86
Общо време на сканиране 03:14:11
Състояние на сканиране: Готово


C:\FRST\Quarantine\C\Windows\system32\Tasks\SVC Update.xBAD    XML/Agent.AD троянски кон    почистено чрез изтриване
C:\Intel\Download\duplicate-file-finder-setup.exe    вариант на Win32/Auslogics.J потенциално нежелано приложение,вариант на Win32/Auslogics.AA потенциално нежелано приложение    почистено чрез изтриване
C:\Program Files (x86)\esg\esg\Windows Loader.exe    вариант на Win32/HackTool.WinActivator.I потенциално опасно приложение    почистено чрез изтриване
C:\Program Files (x86)\KMSPico 10.2.1 Final\Registry_Activation_1593077924.exe    Win32/InstallCore.Gen.A потенциално нежелано приложение    почистено чрез изтриване
C:\Program Files (x86)\Unlockroot Pro\tools\rootutility    вариант на Android/Exploit.Lotoor.AN троянски кон    почистено чрез изтриване
C:\Program Files (x86)\Unlockroot Pro\unlockrootpro.exe    вариант на Win32/Packed.VProtect.C подозрително приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_33023.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_34727.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_39586.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_39710.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.3_39944.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.3_40097.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\Desktop\RESTORED\2020-11-01_15-54-56\hdd_regenerator_2279883145.exe    Win32/InstallCore.Gen.G потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\Downloads\Memu-Installer_v1.696.318.82.3.exe    MSIL/DotSetupIo.A потенциално нежелано приложение    почистено чрез изтриване
C:\Users\Pyrpyl_HP\Favorites\Links\Интернет.url    LNK/TrojanClicker.Agent.A троянски кон    почистено чрез изтриване
C:\Windows\KJ\BIOS_Emulator\royal32.sys    вариант на Win32/HackKMS.M потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\OEM_info\oem.exe    вариант на MSIL/HackTool.WinActivator.A потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\Pirate\WinRR.exe    вариант на Win32/HackTool.WinActivator.J потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\Pirate8\wat\Install.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\Pirate8\Install.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\Pirate8\Uninstall.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\BIOS.EXE    Win32/HackTool.SLICMod.C потенциално опасно приложение    почистено чрез изтриване
C:\Windows\KJ\KMService.exe    вариант на Win32/HackKMS.T потенциално опасно приложение    почистено чрез изтриване
C:\Windows\SECOH-QAD.dll    Win64/HackKMS.D потенциално опасно приложение    почистено чрез изтриване
C:\Windows\SECOH-QAD.exe    Win64/HackKMS.C потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Documents\Dekctop\New folder\Savov Docs\UpdateMyDrivers.exe    вариант на Win32/SmartTweak.A потенциално нежелано приложение,вариант на Win32/Bundled.Toolbar.Ask.G потенциално опасно приложение,вариант на Win32/Bundled.Toolbar.Ask потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Documents\DSD\Docs\New Folder\Programs\Portable\PSoft\Alcohol 120 1.9.6.5429\Alcohol_120.exe    Win32/HackTool.Patcher.N потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Documents\DSD\Docs\New Folder\Programs\Portable\PSoft\UltraISO Premium 8.6.5.2\UltraISO.exe    Win32/HackTool.Patcher.HK потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Documents\DSD\Docs\New Folder\Programs\Portable\PSoft\VideoInspector\videoinspector.exe    вариант на Win32/Toolbar.Crawler потенциално нежелано приложение    почистено чрез изтриване
D:\Documents\TEC\Falsh\pcspy\pcspy.exe    множество откривания,вариант на Win32/KeyLogger.eMatrixSoft.G приложение,вариант на Win32/KeyLogger.eMatrixSoft.A приложение,вариант на Win32/KeyLogger.eMatrixSoft.M приложение    почистено чрез изтриване
D:\Documents\TEC\Falsh\PDF Password Remover v3.0\winDecrypt.exe    вариант на Win32/PSWTool.PdfCracker.A потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Falsh\Windows Loader\Windows Loader.exe    Win32/HackTool.WinActivator.I потенциално опасно приложение    почистено чрез изтриване
D:\Downloads\ReimageRepair.exe    Win32/ReImageRepair.P потенциално нежелано приложение    почистено чрез изтриване
D:\Games\Crysis 3\Bin32\CryEA.dll    Win32/HackTool.Crack.P потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Acronis True Image 2017 v21.0 Build 8029 + BootCD\ActivationAcronisTI(H).exe    Win32/HackTool.Crack.FP потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Far.Cry.4.Update.v1.5-RELOADED\Crack\bin\steam_api.dll    Win32/HackTool.Crack.CS потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Far.Cry.4.Update.v1.5-RELOADED\Crack\bin\steam_api64.dll    вариант на Win64/HackTool.Crack.F потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Far.Cry.4.Update.v1.6-RELOADED\Crack\bin\steam_api.dll    Win32/HackTool.Crack.EA потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Far.Cry.4.Update.v1.6-RELOADED\Crack\bin\steam_api64.dll    вариант на Win64/HackTool.Crack.F потенциално опасно приложение    почистено чрез изтриване
D:\Torents\GetData Recover My Files Professional v5.2.1.1964\Patch\recover.my.files.v5.2.1.1964-patch.exe    вариант на Win32/HackTool.Patcher.AD потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Grand.Theft.Auto.V.Update.1.and.Crack.v2-3DM\Crack\3dmgame.dll    вариант на Win64/HackTool.Crack.C потенциално опасно приложение    почистено чрез изтриване
D:\Torents\KMSpico_10.2.0\KMSpico Install\KMSpico_setup.exe    вариант на MSIL/HackTool.IdleKMS.E потенциално опасно приложение,MSIL/HackTool.IdleKMS.I потенциално опасно приложение,Win32/HackKMS.AZ потенциално опасно приложение    почистено чрез изтриване
D:\Torents\KMSpico_10.2.0\KMSpico Portable\AutoPico.exe    вариант на MSIL/HackTool.IdleKMS.E потенциално опасно приложение    почистено чрез изтриване
D:\Torents\KMSpico_10.2.0\KMSpico Portable\KMSELDI.exe    MSIL/HackTool.IdleKMS.I потенциално опасно приложение    почистено чрез изтриване
D:\Torents\LoviOtwet\ЛовиОтвет 6.1.84.20 DC 19.01.2015.VIR    вариант на Win32/Itva.C потенциално нежелано приложение    почистено чрез изтриване
D:\Torents\Microsoft Office 2016 Pro_Visio_Project 16.0.4549.1000 RePack by KpoJIuK.v.2017.11\Microsoft.Office.Pro-Plus.2016x64.v2017.11\Microsoft.Office.Pro-Plus.2016x64.v2017.11.exe    вариант на Win32/RiskWare.HackTool.Agent.N приложение    почистено чрез изтриване
D:\Torents\Microsoft Office 2016 Pro_Visio_Project 16.0.4549.1000 RePack by KpoJIuK.v.2017.11\Microsoft.Office.Pro-Plus.2016x86.v2017.11\Microsoft.Office.Pro-Plus.2016x86.v2017.11.exe    вариант на Win32/RiskWare.HackTool.Agent.N приложение    почистено чрез изтриване
D:\Torents\Perfectly Clear Complete v3.11.2.1923 RePack (& Portable) [x64]\Perfectly Clear Complete 3.11.2.1923.exe    вариант на Win32/HackTool.Crack.KN потенциално опасно приложение    почистено чрез изтриване
D:\Torents\R-Studio 7.1 build 154533 Network Edition\rs6\crack.exe    вариант на Win32/HackTool.Patcher.A потенциално опасно приложение    почистено чрез изтриване
D:\Torents\SpyHunter v4.17.6.4336\Patch\Patch\spyhunter.4.3.32-patch.exe    вариант на Win32/HackTool.Patcher.A потенциално опасно приложение    почистено чрез изтриване
D:\Torents\Windows 8.1 8in1 x64 en-US May2015 murphy78\Microsoft Toolkit v2.5.3\MTKV253\Microsoft Toolkit.exe    вариант на MSIL/HackKMS.G потенциално опасно приложение    почистено чрез изтриване
D:\Torents\FFSetup3.3.3.0.exe    вариант на Win32/Hao123.A потенциално нежелано приложение    почистено чрез изтриване
H:\Symantec.Norton.Ghost.v15.0.1.36526\KEYMAKER.EXE    вариант на Win32/Keygen.AC потенциално опасно приложение    почистено чрез изтриване
H:\Windows Loader\Windows Loader.exe    Win32/HackTool.WinActivator.I потенциално опасно приложение    почистено чрез изтриване
I:\Intel\Download\duplicate-file-finder-setup.exe    вариант на Win32/Auslogics.J потенциално нежелано приложение,вариант на Win32/Auslogics.AA потенциално нежелано приложение    почистено чрез изтриване
I:\Program Files (x86)\esg\esg\Windows Loader.exe    вариант на Win32/HackTool.WinActivator.I потенциално опасно приложение    почистено чрез изтриване
I:\Program Files (x86)\Unlockroot Pro\tools\rootutility    вариант на Android/Exploit.Lotoor.AN троянски кон    почистено чрез изтриване
I:\Program Files (x86)\Unlockroot Pro\unlockrootpro.exe    вариант на Win32/Packed.VProtect.C подозрително приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Local\Temp\Memu-Setup-2ef4eb7d.exe    Win32/InstallCore.Gen.D потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Local\Viber\downloader.exe    вариант на Win32/Yandex.K потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_33023.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_34727.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_34944.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_35702.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_37754.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_39586.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.2_39710.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.3_39944.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.4.3_40097.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe    вариант на Win32/uTorrent.C потенциално нежелано приложение    почистено чрез изтриване
I:\Users\Pyrpyl_HP\Favorites\Links\Интернет.url    LNK/TrojanClicker.Agent.A троянски кон    почистено чрез изтриване
I:\Windows\KJ\BIOS_Emulator\royal32.sys    вариант на Win32/HackKMS.M потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\OEM_info\oem.exe    вариант на MSIL/HackTool.WinActivator.A потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\Pirate\WinRR.exe    вариант на Win32/HackTool.WinActivator.J потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\Pirate8\wat\Install.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\Pirate8\Install.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\Pirate8\Uninstall.cmd    BAT/HackTool.WinActivator.B потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\BIOS.EXE    Win32/HackTool.SLICMod.C потенциално опасно приложение    почистено чрез изтриване
I:\Windows\KJ\KMService.exe    вариант на Win32/HackKMS.T потенциално опасно приложение    почистено чрез изтриване
I:\Windows\AutoKMS.exe    MSIL/HackKMS.A потенциално опасно приложение    почистено чрез изтриване
 

 

Thank you again. Do you have any recommendations for replacing the antivirus?

1 hour ago, pyrpyl wrote:

The ESET Online Scanner log is out; looking at what it cleaned, my head started to hurt:

Good morning..! In what sense ...?!? It removed all the activators, hacks and cracks.. which were downloaded from unknown torrent trackers.. That is, pirated..! 🙂

Farbar Recovery Scan Tool did its job and quarantined one XML/Agent.AD trojan, and the other things that catch my attention are the Android/Exploit.Lotoor.AN trojan, the LNK/TrojanClicker.Agent.A trojan, Win32/KeyLogger.eMatrixSoft.G.. a whole menagerie in general.. and all of this from the pirated software..! 🙂

One last thing, as a check...:

 

FRST scan

    Double-click FRST.exe / FRST64.exe to run it.
    Press the Scan button.
    When it finishes, it will create two log files named FRST.txt and Addition.txt in the same directory the tool was run from.
    Please copy and paste the logs into your next reply.

 

 

Logs

In your next reply, please include (by copying the full contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (copy the entire contents)
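
An added example, not part of the thread: one way to sort the ESET Online Scanner log posted earlier the way the reply above does by eye, separating the trojans and the keylogger from the activators and cracks. The sample rows are copied from that log; the English class names, the priority rule and every function name are assumptions of this example.

```python
import re
from collections import Counter

# Rows copied from the ESET Online Scanner log in this thread (Bulgarian UI).
# Columns, separated by a tab or a run of spaces: path, detection(s), action.
SAMPLE_LOG = r"""
C:\FRST\Quarantine\C\Windows\system32\Tasks\SVC Update.xBAD    XML/Agent.AD троянски кон    почистено чрез изтриване
C:\Intel\Download\duplicate-file-finder-setup.exe    вариант на Win32/Auslogics.J потенциално нежелано приложение,вариант на Win32/Auslogics.AA потенциално нежелано приложение    почистено чрез изтриване
C:\Program Files (x86)\Unlockroot Pro\tools\rootutility    вариант на Android/Exploit.Lotoor.AN троянски кон    почистено чрез изтриване
C:\Program Files (x86)\Unlockroot Pro\unlockrootpro.exe    вариант на Win32/Packed.VProtect.C подозрително приложение    почистено чрез изтриване
C:\Windows\SECOH-QAD.exe    Win64/HackKMS.C потенциално опасно приложение    почистено чрез изтриване
D:\Documents\TEC\Falsh\pcspy\pcspy.exe    множество откривания,вариант на Win32/KeyLogger.eMatrixSoft.G приложение,вариант на Win32/KeyLogger.eMatrixSoft.A приложение,вариант на Win32/KeyLogger.eMatrixSoft.M приложение    почистено чрез изтриване
I:\Program Files (x86)\Unlockroot Pro\tools\rootutility    вариант на Android/Exploit.Lotoor.AN троянски кон    почистено чрез изтриване
"""

# Class labels as printed in the log, longest first because the bare
# "приложение" is a suffix of the others. English names are this example's own.
CLASS_LABELS = [
    ("потенциално нежелано приложение", "potentially-unwanted"),
    ("потенциално опасно приложение", "potentially-unsafe"),
    ("подозрително приложение", "suspicious"),
    ("троянски кон", "trojan"),
    ("приложение", "application"),
]
VARIANT_PREFIX = "вариант на "            # "a variant of"
MULTIPLE_MARKER = "множество откривания"  # "multiple detections"

# A path that itself contains a run of spaces would be split wrongly here.
ROW = re.compile(
    r"^(?P<path>.+?)(?:\t+| {2,})(?P<dets>.+?)(?:\t+| {2,})(?P<action>.+)$"
)


def parse_detection(text):
    """Split one detection into (name, class), e.g. ('XML/Agent.AD', 'trojan')."""
    text = text.strip()
    if text.startswith(VARIANT_PREFIX):
        text = text[len(VARIANT_PREFIX):]
    for label, cls in CLASS_LABELS:
        if text.endswith(label):
            return text[: -len(label)].strip(), cls
    return text, "unknown"


def parse_log(log_text):
    """Return one dict per detection row; summary and blank lines are skipped."""
    rows = []
    for line in log_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        dets = [
            parse_detection(d)
            for d in m["dets"].split(",")
            if d.strip() != MULTIPLE_MARKER
        ]
        rows.append({"path": m["path"], "detections": dets, "action": m["action"]})
    return rows


def is_priority(row):
    """Assumed rule, following the reply: trojans and keyloggers come first."""
    return any(cls == "trojan" or "KeyLogger" in name
               for name, cls in row["detections"])


def drive_relative(path):
    """Drop the drive letter so the same tree on C: and I: counts once."""
    return re.sub(r"^[A-Za-z]:", "", path).lower()


def triage(log_text):
    rows = parse_log(log_text)
    by_class = Counter(cls for row in rows for _, cls in row["detections"])
    priority = [row for row in rows if is_priority(row)]
    unique_priority = sorted({drive_relative(row["path"]) for row in priority})
    return rows, by_class, priority, unique_priority


if __name__ == "__main__":
    rows, by_class, priority, unique_priority = triage(SAMPLE_LOG)
    print(f"{len(rows)} rows, detections by class: {dict(by_class)}")
    print("Review first:")
    for row in priority:
        names = ", ".join(name for name, _ in row["detections"])
        print(f"  {row['path']}  [{names}]")
    print(f"{len(unique_priority)} distinct paths once drive letters are ignored")
```
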

 

 

2 hours ago, pyrpyl wrote:

Thank you again. Do you have any recommendations for replacing the antivirus?

Let's finish the cleanup first, we are almost at the finish line, and then we will discuss that question..!


Thank you, I am posting the logs:

FRST.txt 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (administrator) on PYRPYL_HP-PC (Hewlett-Packard HP ProBook 450 G1) (18-04-2021 09:16:40)
Running from C:\Users\Pyrpyl_HP\Desktop
Loaded Profiles: Pyrpyl_HP
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\updates\3.5.5_45966\utorrentie.exe <2>
(BitTorrent Inc -> BitTorrent Inc.) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <10>
(Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(LAVASOFT SOFTWARE CANADA INC -> ) C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
(LAVASOFT SOFTWARE CANADA INC -> Lavasoft) C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(Sony Mobile Communications AB -> Sony) [File not signed] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Symantec Corporation -> Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(上海迈微软件科技有限公司 -> ) C:\Program Files (x86)\Microvirt\MEmu\adb.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) [File not signed]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [8520168 2021-04-18] (LAVASOFT SOFTWARE CANADA INC -> Lavasoft)
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKLM\...\Print\Monitors\HP bf2a Status Monitor: C:\WINDOWS\system32\hpinkstsbf2aLM.dll [468104 2017-09-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP LaserJet MFP M28-M31): C:\WINDOWS\system32\HPDiscoPMbf2a.dll [988808 2017-09-27] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\PDFC: C:\WINDOWS\system32\pdfc_port.dll [27680 2018-02-01] (PDF Complete Inc. -> PDF Complete, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09DE343A-923D-457B-A19A-1CC1BA23DF8E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D69FE61-9E05-4921-A131-738DE4FA3FFD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {10D6F81F-4DB2-468A-BF62-F0057368B640} - System32\Tasks\{BA76E13E-4B26-46BB-8DA7-C23F3BB399E9} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.12.0.101/bg/abandoninstall?page=tsMain
Task: {10E6C7F1-F9E1-416F-B258-DACE319E3EE8} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30108424 2020-09-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {197783D4-6197-4990-A646-10DBC1C72FB5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {269998F4-A2B8-4814-9FAF-A0EC9F415CAD} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2BA14D5D-3922-4660-BCE2-23CD6BDF5C7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C07239C-9520-4358-AC2E-185790608859} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34BE26F8-3A74-408E-9993-A37840EBA599} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3C77CBFA-C780-4C31-BEA2-1BF94577FE9F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-993510031-3225739286-1372905849-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {3CCD2BA6-A010-4578-99DC-3F17A380D6FF} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {427B583D-574F-4108-9554-A922314E01F6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46712367-02F3-4136-9154-A2C5979CBE11} - System32\Tasks\{93AC3200-379F-464B-97BB-80812FCDB50B} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.18.0.112/bg/abandoninstall?page=tsMain
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48EB919D-C171-47D0-B655-DCABE88B157F} - System32\Tasks\{692E0DA6-4F21-4A4E-954E-6BC10623F594} => C:\Windows\system32\pcalua.exe -a C:\Users\Pyrpyl_HP\Downloads\sp92303.exe -d C:\Users\Pyrpyl_HP\Downloads
Task: {4CE03A4B-1EC3-4280-A83A-61A40EA4CB7E} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-06-18] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {4FD0251C-8678-4BA6-A3C4-1883D514D168} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53F33F12-2392-48DC-AF08-1713C6695ABF} - System32\Tasks\Wise Memory Optimizer Task => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
Task: {55ACEAC9-B45C-4BDE-868B-ED389A0127CE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {597D89DF-509E-4DE8-870F-324DEE39F3B6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5F174538-491F-48DC-917A-C2797DC61A40} - System32\Tasks\{FC398F30-11A1-4268-B1D5-6C88ECB38A18} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.29.0.102/bg/abandoninstall?page=tsMain
Task: {5F3792AB-E772-4D3B-903E-718D820D2751} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {6233C94B-FC7A-4487-BAC2-141F54AF9B7B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6859A8BE-DE27-4A1C-85E1-E825883FBD06} - System32\Tasks\HPCustPartic.exe_{7F6EA2B9-DE57-47E3-9219-5C7EDA728796} => C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe [6662792 2017-09-27] (Hewlett Packard -> HP Inc.)
Task: {68A6AD42-8AED-4E5C-A651-3E70FC10482F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {70A78064-6BC2-4EB4-A22B-9D18BBA8E3C3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {763A6A0C-8A34-4622-B10A-64B1E5747172} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-07] (Google LLC -> Google LLC)
Task: {874C85F7-4904-4824-AAFC-4ED7D313F4D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E358439-CFE9-4C93-BB31-0DB3A24B7E0B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A0E19528-46D7-4AE4-BAF1-A5E0E3E38E39} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {A4128A31-CA5B-4B7F-9649-0CF3D4DEEA5D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A46FA47C-F2FF-42DB-ABD0-37240F66E7FA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A6AAB681-680B-467E-9F35-70D303E10D0A} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {A900BA21-CEDC-4347-ABDF-9D9903C653F6} - System32\Tasks\WiseCleaner\WMOSkipUAC => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B57620A2-D908-4CE7-B212-5604504501C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3EEEACC-9B0D-420E-AE66-5C037764C630} - System32\Tasks\{4A28086F-96B1-47FB-9E38-E5C64C70F1D2} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.40.0.104/bg/abandoninstall?page=tsMain
Task: {C43255BD-C6A2-4DB0-A8A2-A934D5FB01B9} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C918C3E9-E264-4489-9479-BD246A57509B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE77CBF7-732D-42FF-A3D4-6D7021D65E7F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {D34A8E61-02D9-471D-9391-8D7936DFFE28} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DB410C21-3508-4B6A-8EDD-EF8DE185DEE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-07] (Google LLC -> Google LLC)
Task: {DCE3F822-2B87-421B-AFF2-57F0FF6A2194} - System32\Tasks\HPCustParticipation HP LaserJet MFP M28-M31 => C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe [6662792 2017-09-27] (Hewlett Packard -> HP Inc.)
Task: {EC6BDB05-B5B2-4C2A-9106-E3DF93A9729A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0AB67C0-EC77-4DCC-B513-79B88076961A} - System32\Tasks\Opera scheduled Autoupdate 1416161631 => G:\Programs\Opera\launcher.exe
Task: {F6F75990-CAE3-4489-A521-6E18366BE7DE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA13C64C-0CF8-4366-AE99-83BCABE0A2B4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FCFBA840-F5C6-441E-B928-34198B2A1556} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Wise Memory Optimizer Task.job => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
Tcpip\..\Interfaces\{8c644601-063f-4abe-8bb6-f2f7f50a5359}: [DhcpNameServer] 172.16.1.1
Tcpip\..\Interfaces\{E3DE5057-8568-4811-8439-B2FF78B3C830}: [DhcpNameServer] 172.16.1.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pyrpyl_HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-18]
Edge Extension: (Video Download Pro) - C:\Users\Pyrpyl_HP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iealfojfpcnjahnjbdklmljbilnnncdd [2020-12-22]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-12-07] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin HKU\S-1-5-21-993510031-3225739286-1372905849-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pyrpyl_HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default [2021-04-18]
CHR Notifications: Default -> hxxps://www.kaldata.com
CHR HomePage: Default -> hxxp://192.168.0.100/
CHR StartupUrls: Default -> "hxxps://tvn.bg/"
CHR Extension: (Slides) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-07]
CHR Extension: (Docs) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-07]
CHR Extension: (Google Drive) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-07]
CHR Extension: (YouTube) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-07]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-04-07]
CHR Extension: (Sheets) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-15]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-07]
CHR Extension: (Gmail) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - G:\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383976 2021-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [161072 2020-12-16] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec Corporation -> Symantec)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 LiveUpdate; C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation -> Symantec Corporation)
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation -> Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7C6B734B-F40D-4C7E-9C4C-95715C0D84F9} [21312 2021-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7C6B734B-F40D-4C7E-9C4C-95715C0D84F9} [21312 2021-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec Corporation -> Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13086224 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
R2 WCAssistantService; C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe [28136 2021-04-18] (LAVASOFT SOFTWARE CANADA INC -> )
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2201440 2017-11-09] (Sony Mobile Communications AB -> Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; D:\Programs\AIDA64Portable\App\AIDA64Extreme\kerneld.x64 [34136 2014-07-29] (FinalWire -> )
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2020-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 CLVirtualDrive; C:\WINDOWS\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [102368 2012-09-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (MEDIATEK INC. -> Ralink Technology Corp.)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2020-10-09] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-06-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [50248 2020-10-07] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] (MT SOLUTION LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [203104 2012-09-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 STHDA; C:\WINDOWS\System32\DRIVERS\stwrt64.sys [551936 2013-11-07] (IDT, Inc.) [File not signed]
R0 symsnap; C:\WINDOWS\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (Symantec Corporation -> StorageCraft)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 09:16 - 2021-04-18 09:17 - 000032239 _____ C:\Users\Pyrpyl_HP\Desktop\FRST.txt
2021-04-18 08:12 - 2021-04-18 08:12 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Lavasoft
2021-04-18 08:12 - 2021-04-18 08:12 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Lavasoft
2021-04-18 08:12 - 2021-04-18 08:12 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2021-04-18 08:12 - 2021-04-18 08:12 - 000000000 ____D C:\Program Files (x86)\Lavasoft
2021-04-18 08:11 - 2021-04-18 08:12 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\LocalLow\uTorrent
2021-04-18 08:11 - 2021-04-18 08:11 - 000002744 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-04-18 08:11 - 2021-04-18 08:11 - 000000000 ____D C:\ProgramData\Lavasoft
2021-04-18 08:10 - 2021-04-18 08:10 - 002133032 _____ (BitTorrent Inc.) C:\Users\Pyrpyl_HP\Downloads\uTorrent.exe
2021-04-18 08:09 - 2021-04-18 08:19 - 000001066 _____ C:\Users\Pyrpyl_HP\Desktop\New Text Document (4).txt
2021-04-18 06:59 - 2021-04-18 06:59 - 000026276 _____ C:\Users\Pyrpyl_HP\Desktop\eset.txt
2021-04-17 22:04 - 2021-04-17 22:04 - 000000818 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-17 22:04 - 2021-04-17 22:04 - 000000672 _____ C:\Users\Pyrpyl_HP\Desktop\ESET Online Scanner.lnk
2021-04-17 22:04 - 2021-04-17 22:04 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\ESET
2021-04-17 21:22 - 2021-04-17 21:25 - 000000000 ____D C:\AdwCleaner
2021-04-17 21:20 - 2021-04-17 21:20 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Pyrpyl_HP\Desktop\esetonlinescanner.exe
2021-04-17 21:19 - 2021-04-17 21:18 - 008534696 _____ (Malwarebytes) C:\Users\Pyrpyl_HP\Desktop\adwcleaner_8.2.exe
2021-04-17 21:18 - 2021-04-17 21:20 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Pyrpyl_HP\Downloads\esetonlinescanner.exe
2021-04-17 21:18 - 2021-04-17 21:18 - 008534696 _____ (Malwarebytes) C:\Users\Pyrpyl_HP\Downloads\adwcleaner_8.2.exe
2021-04-17 20:58 - 2021-04-17 20:58 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-04-17 20:55 - 2021-04-17 20:55 - 000010124 _____ C:\Users\Pyrpyl_HP\Desktop\Fixlog.txt
2021-04-16 18:49 - 2021-04-16 18:49 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 18:49 - 2021-04-16 18:49 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 18:49 - 2021-04-16 18:49 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 18:26 - 2021-04-16 18:26 - 003111748 _____ C:\WINDOWS\Minidump\041621-10625-01.dmp
2021-04-13 06:25 - 2021-04-13 06:25 - 003023388 _____ C:\WINDOWS\Minidump\041321-10953-01.dmp
2021-04-11 05:54 - 2021-04-11 05:54 - 002196092 _____ C:\WINDOWS\Minidump\041121-8796-01.dmp
2021-04-10 18:49 - 2021-04-10 18:50 - 001742060 _____ C:\WINDOWS\Minidump\041021-15828-01.dmp
2021-04-09 13:28 - 2021-04-09 13:28 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Viber
2021-04-09 07:46 - 2021-04-18 07:12 - 000000000 ____D C:\Users\Pyrpyl_HP\.MemuHyperv
2021-04-09 07:46 - 2021-04-09 07:46 - 000001150 _____ C:\Users\Pyrpyl_HP\Desktop\MEmu.lnk
2021-04-09 07:46 - 2021-04-09 07:46 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu
2021-04-09 07:45 - 2021-04-09 07:46 - 000000000 ____D C:\Program Files (x86)\Microvirt
2021-04-08 07:08 - 2021-04-08 07:08 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders (2).pdf
2021-04-07 18:30 - 2021-04-16 06:34 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-07 18:30 - 2021-04-07 18:30 - 000000000 ____D C:\Program Files\Google
2021-04-07 18:26 - 2021-04-07 18:26 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-07 18:26 - 2021-04-07 18:26 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-07 15:30 - 2021-04-07 15:30 - 000048748 _____ C:\Users\Pyrpyl_HP\Downloads\642 TEZ Ruse - stoka  - 15.03.21.pdf
2021-04-06 09:34 - 2021-04-06 09:34 - 000068073 _____ C:\Users\Pyrpyl_HP\Downloads\Proforma Advance payment
2021-04-06 09:33 - 2021-04-06 09:33 - 000000147 _____ C:\Users\Pyrpyl_HP\Downloads\untitled1.1.txt
2021-04-06 09:32 - 2021-04-06 09:32 - 000000147 _____ C:\Users\Pyrpyl_HP\Downloads\REMINDER_ Proforma Advance payment.txt
2021-04-05 23:02 - 2021-04-05 23:02 - 000573733 _____ C:\Users\Pyrpyl_HP\Downloads\192700128.pdf
2021-04-05 23:01 - 2021-04-05 23:01 - 000537680 _____ C:\Users\Pyrpyl_HP\Downloads\192700139.pdf
2021-04-05 22:58 - 2021-04-05 22:58 - 000547601 _____ C:\Users\Pyrpyl_HP\Downloads\192700138.pdf
2021-04-05 22:57 - 2021-04-05 22:57 - 000546357 _____ C:\Users\Pyrpyl_HP\Downloads\192700149.pdf
2021-04-05 22:56 - 2021-04-05 22:56 - 000559576 _____ C:\Users\Pyrpyl_HP\Downloads\192700147.pdf
2021-04-05 22:55 - 2021-04-05 22:55 - 000569999 _____ C:\Users\Pyrpyl_HP\Downloads\192700148 (1).pdf
2021-04-05 22:54 - 2021-04-05 22:54 - 000569999 _____ C:\Users\Pyrpyl_HP\Downloads\192700148.pdf
2021-04-05 22:52 - 2021-04-05 22:52 - 000545351 _____ C:\Users\Pyrpyl_HP\Downloads\192700146.pdf
2021-04-03 11:20 - 2021-04-03 11:20 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders (1).pdf
2021-04-03 11:00 - 2021-04-03 11:00 - 000066623 _____ C:\Users\Pyrpyl_HP\Documents\Решение.pdf
2021-04-03 10:50 - 2021-04-03 10:50 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders.pdf
2021-03-31 21:08 - 2021-04-07 18:26 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-31 20:38 - 2021-04-17 18:55 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\FRST-OlderVersion
2021-03-31 18:44 - 2021-03-31 18:44 - 000072452 _____ C:\ProgramData\agent.uninstall.1617205447.bdinstall.v2.bin
2021-03-30 18:50 - 2021-03-30 18:50 - 000116924 _____ C:\ProgramData\agent.1617119425.bdinstall.v2.bin
2021-03-26 18:54 - 2021-03-26 18:54 - 002317652 _____ C:\WINDOWS\Minidump\032621-11343-01.dmp
2021-03-26 07:16 - 2021-03-26 07:17 - 002330524 _____ C:\WINDOWS\Minidump\032621-15500-01.dmp
2021-03-22 07:23 - 2021-03-22 07:23 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\__SHARED
2021-03-21 19:14 - 2021-04-17 22:17 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2021-03-20 20:19 - 2021-04-16 18:27 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-20 20:19 - 2021-03-20 20:19 - 001693156 _____ C:\WINDOWS\Minidump\032021-9296-01.dmp
2021-03-20 19:26 - 2021-03-20 19:26 - 005055372 _____ C:\Users\Pyrpyl_HP\Downloads\Tv App Repo_v1.1.4-playstore_apkpure.com.apk
2021-03-20 16:48 - 2021-03-20 16:51 - 080723061 _____ C:\Users\Pyrpyl_HP\Downloads\Hik Connect_v3.11.1.1023_apkpure.com.apk
2021-03-20 16:02 - 2021-03-20 16:06 - 104093144 _____ C:\Users\Pyrpyl_HP\Downloads\Hik-Connect.apk
2021-03-20 15:45 - 2021-03-20 15:45 - 000000165 ____H C:\Users\Pyrpyl_HP\Desktop\~$table.xlsx
2021-03-20 14:25 - 2021-03-20 14:25 - 009083910 _____ C:\Users\Pyrpyl_HP\Downloads\smartyoutubetv_latest.apk
2021-03-20 13:45 - 2021-03-20 13:46 - 063510297 _____ C:\Users\Pyrpyl_HP\Downloads\kodi-18.9-Leia-armeabi-v7a (1).apk
2021-03-19 23:00 - 2021-03-19 23:00 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\app
2021-03-19 22:52 - 2021-03-19 22:56 - 063510297 _____ C:\Users\Pyrpyl_HP\Downloads\kodi-18.9-Leia-armeabi-v7a.apk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 09:18 - 2014-10-12 11:33 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent
2021-04-18 09:17 - 2019-07-21 20:53 - 000000000 ____D C:\FRST
2021-04-18 08:58 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 07:56 - 2019-04-19 17:41 - 000000000 ____D C:\Users\Pyrpyl_HP\Downloads\MEmu Download
2021-04-18 06:56 - 2021-03-18 21:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 01:44 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-18 00:52 - 2018-03-23 07:26 - 000000000 __SHD C:\Users\Pyrpyl_HP\IntelGraphicsProfiles
2021-04-18 00:31 - 2020-06-24 21:34 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Kodi
2021-04-17 22:35 - 2015-05-10 20:25 - 000000000 ____D C:\WINDOWS\KJ
2021-04-17 22:29 - 2014-09-21 10:54 - 000000000 ____D C:\ProgramData\PDFC
2021-04-17 22:19 - 2014-11-15 14:35 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockRoot Pro
2021-04-17 22:19 - 2014-11-15 14:31 - 000000000 ____D C:\Program Files (x86)\Unlockroot Pro
2021-04-17 21:33 - 2021-03-18 22:00 - 000941190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-17 21:33 - 2019-12-07 12:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-17 21:28 - 2021-03-18 21:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-17 21:28 - 2021-03-18 21:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-17 21:28 - 2020-09-22 11:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-17 21:28 - 2020-08-22 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-17 21:28 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-17 21:28 - 2019-12-07 12:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-17 21:25 - 2017-10-25 19:57 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Hewlett-Packard
2021-04-17 21:25 - 2014-08-20 12:28 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-04-17 21:25 - 2014-08-20 12:27 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-04-17 20:55 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-17 20:55 - 2009-07-14 06:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-17 18:55 - 2019-07-21 20:53 - 002298368 _____ (Farbar) C:\Users\Pyrpyl_HP\Desktop\FRST64.exe
2021-04-17 16:50 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 16:50 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-17 16:49 - 2020-09-27 09:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 22:36 - 2021-03-18 20:36 - 000000000 ____D C:\Users\Pyrpyl_HP
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 18:52 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 18:36 - 2014-09-20 19:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 18:34 - 2015-07-27 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-16 18:34 - 2014-08-20 12:11 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-16 18:29 - 2014-09-20 19:14 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-16 18:26 - 2020-09-28 06:28 - 750661766 _____ C:\WINDOWS\MEMORY.DMP
2021-04-15 06:36 - 2020-07-25 09:25 - 000011505 _____ C:\Users\Pyrpyl_HP\Desktop\table.xlsx
2021-04-13 20:54 - 2019-11-23 14:06 - 000000000 ____D C:\iVMS-4200
2021-04-12 18:45 - 2020-06-15 18:38 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\Осигуровки
2021-04-12 06:24 - 2021-03-18 21:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-993510031-3225739286-1372905849-1000
2021-04-12 06:24 - 2021-03-18 20:36 - 000002417 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 06:24 - 2020-09-22 11:30 - 000000000 ___RD C:\Users\Pyrpyl_HP\OneDrive
2021-04-09 22:05 - 2016-05-07 09:41 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\ViberPC
2021-04-09 07:46 - 2020-10-12 18:05 - 000001189 _____ C:\Users\Pyrpyl_HP\Desktop\Multi-MEmu.lnk
2021-04-09 07:46 - 2019-04-19 17:40 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Microvirt
2021-04-09 07:46 - 2014-11-15 12:46 - 000000000 ____D C:\Users\Pyrpyl_HP\.android
2021-04-07 18:30 - 2020-10-04 13:36 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Google
2021-04-04 16:03 - 2020-09-18 22:42 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-04-02 23:27 - 2015-05-02 08:44 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Bigasoft Video Downloader
2021-03-31 21:00 - 2018-08-03 08:10 - 000000717 _____ C:\Users\Pyrpyl_HP\Desktop\New Text Document (3).txt
2021-03-31 18:52 - 2020-09-20 15:40 - 000001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2021-03-31 18:52 - 2020-09-20 15:40 - 000001312 _____ C:\Users\Public\Desktop\Registry Repair.lnk
2021-03-31 18:52 - 2020-09-20 15:40 - 000001312 _____ C:\ProgramData\Desktop\Registry Repair.lnk
2021-03-31 07:19 - 2021-03-15 21:43 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-30 20:00 - 2021-03-18 21:48 - 000484384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-30 19:59 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-30 18:22 - 2021-03-18 21:48 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-29 20:24 - 2021-03-12 23:56 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Sony Channel Editor
2021-03-27 12:57 - 2021-03-16 19:11 - 000000345 _____ C:\Users\Pyrpyl_HP\Downloads\Recent.txt
2021-03-27 10:20 - 2021-03-16 19:12 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\SvanSvan
2021-03-23 20:24 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-21 11:04 - 2020-09-22 11:22 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Packages
2021-03-21 11:03 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SystemApps
2021-03-20 21:46 - 2020-10-02 20:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-19 19:11 - 2020-09-18 22:42 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-19 19:09 - 2019-12-07 12:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-19 07:20 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories ========

2017-01-04 22:48 - 2017-01-10 08:07 - 000000146 _____ () C:\Users\Pyrpyl_HP\AppData\Roaming\gamma_ramp.reg
2015-01-18 00:28 - 2015-01-18 00:28 - 000003584 _____ () C:\Users\Pyrpyl_HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-17 22:18 - 2014-10-17 22:18 - 001065984 _____ () C:\Users\Pyrpyl_HP\AppData\Local\file__0.localstorage
2020-11-29 13:36 - 2020-11-29 13:37 - 000004096 ____H () C:\Users\Pyrpyl_HP\AppData\Local\keyfile3.drm
2014-12-11 14:08 - 2019-04-20 21:58 - 000007603 _____ () C:\Users\Pyrpyl_HP\AppData\Local\Resmon.ResmonCfg
2017-03-17 18:54 - 2017-03-26 11:30 - 000000552 _____ () C:\Users\Pyrpyl_HP\AppData\Local\TroubleshooterConfig.json
2017-01-04 22:48 - 2017-01-04 22:48 - 000017408 _____ () C:\Users\Pyrpyl_HP\AppData\Local\WebpageIcons.db
2018-08-28 18:49 - 2018-08-28 18:49 - 000000000 _____ () C:\Users\Pyrpyl_HP\AppData\Local\{94C7689A-BDF6-46DB-B2BE-AFFA3AF42E15}
2016-06-10 07:30 - 2016-06-10 07:30 - 000000000 _____ () C:\Users\Pyrpyl_HP\AppData\Local\{C101F823-7CF0-464A-9871-F23C7FFC200B}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (18-04-2021 09:19:31)
Running from C:\Users\Pyrpyl_HP\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2021-03-18 18:57:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-993510031-3225739286-1372905849-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-993510031-3225739286-1372905849-503 - Limited - Disabled)
Guest (S-1-5-21-993510031-3225739286-1372905849-501 - Limited - Disabled)
Pyrpyl_HP (S-1-5-21-993510031-3225739286-1372905849-1000 - Administrator - Enabled) => C:\Users\Pyrpyl_HP
WDAGUtilityAccount (S-1-5-21-993510031-3225739286-1372905849-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\uTorrent) (Version: 3.5.5.45966 - BitTorrent Inc.)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.3.21018 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{9F45C615-6D95-47B5-BB0C-D78F6D15DE21}) (Version: 2.0.6.42639 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.7.0.11004 - Avira Operations GmbH & Co. KG)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.72 - Google LLC)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{9646F2DC-B09E-4314-92EC-B3332900A7EE}) (Version: 36.0.191.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{AF9F1F16-F6B4-4A66-B789-9F00B40B08AF}) (Version: 43.0.191.0 - HP)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP FTP Plugin (HKLM-x32\...\{7DB5EDF6-8009-4E01-AF0D-4F3E02A0287F}) (Version: 43.0.191.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{07F30E12-A85F-4EA4-A5B3-3728FAB947ED}) (Version: 36.0.191.0 - HP)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
HP LaserJet MFP M28-M31 Basic Device Software (HKLM\...\{8CA3E0EA-58E1-4CE1-A876-5B8095BAABEF}) (Version: 46.1.2614.17270 - HP Inc.)
HP LaserJet MFP M28-M31 Help (HKLM-x32\...\{0DF6621D-67C2-4E12-A5CF-260E985B8743}) (Version: 0.00.0005 - HP)
HP OneDrive Plugin (HKLM-x32\...\{8ED0A60F-9F44-4B7F-9C88-CC9E0B362628}) (Version: 36.0.191.0 - HP)
HP PageLift (HKLM-x32\...\{FA980A95-8E37-4A80-A49F-3DCBE84B99D1}) (Version: 1.0.12.1 - Hewlett-Packard Company)
HP SFTP Plugin (HKLM-x32\...\{1F0191BF-E339-4192-85D9-C369CA3FE9F1}) (Version: 43.0.191.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{96DB7179-0B69-45E1-A109-3A3A1F5BBCDF}) (Version: 43.0.191.0 - HP)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HydraVision (HKLM-x32\...\{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S OCR (HKLM-x32\...\{3913CCF7-436B-4A7A-A265-62E9FFDD03D9}) (Version: 15.2.10.1114 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4889 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iVMS-4200(v2.7.1.9) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.1.9 - hikvision)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kodi (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Kodi) (Version:  - XBMC Foundation)
LiveUpdate 3.2 (Symantec Corporation) (HKLM-x32\...\LiveUpdate) (Version: 3.2.0.68 - Symantec Corporation)
Mediatek MT7630E 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
MEmu (HKLM-x32\...\MEmu) (Version: 7.5.0.0 - Microvirt Software Technology Co. Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.41 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AC20CAEC-CC13-4877-A7DC-30BC97936645}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Product Improvement Study for HP LaserJet MFP M28-M31 (HKLM\...\{5D2E606E-FF54-452E-A000-CE4B122E5BDD}) (Version: 46.1.2614.17270 - HP Inc.)
Ralink Bluetooth Stack (HKLM\...\{B346BD6C-AE56-7DD3-175C-2374C7113BCB}) (Version: 11.0.752.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Registry Repair 5.0.1.114 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.114 - Glarysoft Ltd)
Samsung AllShare (HKLM-x32\...\{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0402-0000-0000000FF1CE}_Office14.OMUI.bg-bg_{19EC17F0-B5A9-45D6-9BDD-E198B4E15CF9}) (Version:  - Microsoft)
Skype version 8.58 (HKLM-x32\...\Skype_is1) (Version: 8.58 - Skype Technologies S.A.)
Sony Channel Editor, версия 1.2 (HKLM-x32\...\{A60B1C02-DF63-43A3-8F45-7B2C6EC065F3}_is1) (Version: 1.2 - Sony Visual Products Europe)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.6.201704121541 - Sony Mobile Communications Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.8.3 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Unity Web Player (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\UnityWebPlayer) (Version: 5.3.0f4 - Unity Technologies ApS)
UnLock Root Pro 4.12 (HKLM-x32\...\UnLock Root Pro) (Version: 4.12 - Unlcokroot)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Web Companion (HKLM-x32\...\{3fc19b52-8061-412a-abd2-3031da95ea5f}) (Version: 7.0.2417.4248 - Lavasoft)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.13 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xperia Companion (HKLM-x32\...\{74C27C4F-BCDF-4D88-8B04-E5C7609AB1EB}) (Version: 1.9.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{b677a3f8-01ab-49df-92a8-d039691c0e2d}) (Version: 1.9.2.0 - Sony)
Xperia Companion Service (HKLM\...\{826B080E-3B85-448D-99C3-D843D54ED116}) (Version: 1.9.2.0 - Sony) Hidden
Фотогалерия (HKLM-x32\...\{3AAB928E-40E9-4DC5-A9CC-FB979E1B2C03}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-10-03] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-03-22] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.39.4622.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [Startup Task]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-02-22 16:46 - 2012-02-22 16:46 - 001135616 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000031232 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000029184 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 004671488 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000686080 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000070656 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000656896 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000105472 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 005717504 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000098816 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000063488 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000012288 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000399826 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000290304 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000289792 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000077312 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000450560 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000024064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000023040 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000054784 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000024064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000520234 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000152064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000366592 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000044032 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000133120 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000012288 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2014-04-17 22:14 - 2014-04-17 22:14 - 000153600 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2014-04-17 22:13 - 2014-04-17 22:13 - 000158720 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2014-04-17 22:13 - 2014-04-17 22:13 - 000075264 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEnu.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000016216 _____ (Hewlett-Packard Company -> ) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll
2013-01-23 21:43 - 2013-01-23 21:43 - 002452824 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000068440 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslSmBios.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000524632 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslWmi.dll
2021-03-18 21:51 - 2021-03-18 21:51 - 000113496 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
2021-03-18 21:51 - 2021-03-18 21:51 - 000092504 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
2013-03-26 21:12 - 2013-03-26 21:12 - 000056832 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HP.Mobile.Shared.dll
2009-02-03 13:10 - 2009-02-03 13:10 - 000104960 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-07-30 08:25 - 2013-07-30 08:25 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2014-08-20 12:01 - 2013-12-20 16:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-07-30 08:25 - 2013-07-30 08:25 - 000514560 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000765952 _____ (LIBGD Development Team) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\bgd.dll
2014-09-21 05:06 - 2009-07-14 12:29 - 000271360 ____R (Microsoft Corporation) [File not signed] C:\Windows\System32\oobe\wdscore.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\pthreadVC2.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000042496 _____ (Samsung Electronics) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DirectoryScanner.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2021-04-18 05:12:26&iid=2441f25c-e352-47c3-abe9-3ee381184fc1&bName=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKU\S-1-5-21-993510031-3225739286-1372905849-1000 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\IdrsOCR_15.2.10.1114\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pyrpyl_HP\Downloads\meadow_sunset_-wallpaper-1366x768.jpg
DNS Servers: 172.16.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection 3: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 
Wi-Fi: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 
Local Area Connection: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Pyrpyl_HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JB.PARANOID.bravo_INT2SD _v.0.3.zip.lnk => C:\Windows\pss\JB.PARANOID.bravo_INT2SD _v.0.3.zip.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Power2GoExpress8 => NA

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CC8748B3-6EEA-43B5-8BC0-E868377B6ECE}C:\users\pyrpyl_hp\appdata\local\viber\viber.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\viber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)
FirewallRules: [TCP Query User{273A53A0-397F-4399-A0EA-49BD0196473C}C:\users\pyrpyl_hp\appdata\local\viber\viber.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\viber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)
FirewallRules: [{F41288DB-A3CE-4436-9EE4-74B9E438A4C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B9D2D8A5-83C8-4E50-A532-C68FBD854140}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C211D2B-D0A9-4B8B-8FBC-AEB7B5F71036}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1311AC96-28CF-4859-BFA5-D9B0184236D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{6874688B-5FC4-4594-B372-BD7019D5AB7E}C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe (Viber Media S.à r.l. -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{FFBEAB7F-E331-41DE-AC3A-C484DEC896FC}C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe (Viber Media S.à r.l. -> The Qt Company Ltd.)
FirewallRules: [UDP Query User{69CFE0B4-F994-41E0-8CC8-ADBF07305B19}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [TCP Query User{446FBC70-85E3-4188-87F2-9E11B4FEE1D5}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{7E02F2A8-6AB9-4AFF-9DFA-60F3A2070C5A}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{84F98222-DDA9-4E32-B0F1-5CBDF444D765}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B6135F24-EC60-4882-80D8-BCED446E9F02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{837C914B-B849-4A8C-91EE-147DC5CD887E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{77FC6A0A-C1DA-472D-93A7-20FC3A93E8D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{04B110BD-9286-49A9-9F34-C1FBC5840EA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{44FCBED9-3B8E-42D2-8696-C1E3C1DC22DB}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{EB16DD33-EA19-47D7-A4BE-D69B043556FE}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{74C59F99-B422-46A7-BF8F-A266FAB63A78}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3636DD74-D6AB-4803-95D6-8EC72A5ECBE1}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{DA35BEAE-D06A-4864-9C0C-625AFCFDD9E6}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C93B4FBB-B2C6-4DB8-A714-388B8CDF8E64}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{20C11392-D102-4962-BD90-EA8D3351825B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5608E4EE-27AB-4218-A779-8E7664A529AF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D708187D-39FD-458D-B357-FC8620CA805D}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{CE77C007-51CA-446E-BF58-76C2ABC226AF}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{BCB89AEE-EDAC-47EB-B08F-4EE397A33745}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{8AD12C81-8718-4BC8-B534-D3FDA060BD50}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{22F4D029-4E51-48CE-A5FA-A7A7FEB3B5A1}] => (Allow) LPort=5357
FirewallRules: [{590E6D4F-0F79-4110-9637-A7855BED20B7}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6A6B6270-FA06-4884-8932-6CCEF47A2D39}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F21A997F-EF5E-4BC9-BF5B-8DA1D61A3732}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6C59D8DB-3030-47C7-84A6-AC523A1EB767}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.) [File not signed]
FirewallRules: [{CDABA8BC-AF4D-45AF-8465-ECD719020281}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) [File not signed]
FirewallRules: [{BC57253B-B18B-4BF6-8C92-491599DA2597}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> )
FirewallRules: [{3492A51A-4096-4B9C-9FFB-428F38454063}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> )
FirewallRules: [{47795ED5-7200-4C1F-86E0-355CA24AB86F}] => (Allow) LPort=1900
FirewallRules: [{C01E67AC-6589-4C6A-97B4-4F81C5ACB834}] => (Allow) LPort=2869
FirewallRules: [{3D08827F-1C73-4962-8932-5D4724C810CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0FF0DE7E-426C-48F3-BD27-0F19305E7632}C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{D96F8B51-503E-4A7C-AE2A-6733D889C599}C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0D5E6EBB-78F9-4072-A67E-EC444BF470DE}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{394201A7-8BA4-4A57-BC6C-62A43960F5C8}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{889CA730-E5E7-4835-AB0C-723111BDEB24}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{F9066B61-9EC9-4FD7-9CCC-299361C0C67C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [UDP Query User{822E41B9-C6A9-424B-9A92-31529E40D8FD}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{E293F24D-0385-4587-BC2A-44BECEF9E244}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{F3238335-A324-4085-AA69-5A62B70F2E43}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{56CC1386-60F3-4C57-8337-1A67C320EE72}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{F567F32B-DC18-4E30-A504-6E160F75EABC}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{C679A516-6FC9-47BD-9C35-139DBDC47466}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{977F26C5-E411-4365-87E8-C82B1AE62364}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{6E76155E-BCAC-41C8-83C9-02278FAC891B}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{579A9700-0220-4FB0-8AF8-6FF565363262}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{87B07CFF-9C6F-4677-B8B5-AA4F653AFE8B}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{44F606E4-9FCF-4DAB-B573-B752D1CB3345}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4441728B-0242-45B7-A5D4-A6FAE4C5EA99}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9205CA75-3436-481F-869D-76E5E939312F}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFDCEA3B-3FD7-4893-B526-87D6DEC0D57C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{95BC06BB-17A0-417D-A1FB-28E0B4658F4E}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{765E33B4-4949-493D-BFF8-914B9952B18C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)

==================== Restore Points =========================

31-03-2021 19:05:13 Scheduled Checkpoint
07-04-2021 18:20:39 Revo Uninstaller Pro's restore point - Google Chrome
09-04-2021 07:35:15 09.04
16-04-2021 18:36:54 Windows Modules Installer
17-04-2021 21:25:03 AdwCleaner_BeforeCleaning_17/04/2021_21:24:59

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/18/2021 05:44:25 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI5c940.LOG.

Error: (04/18/2021 01:25:36 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (I:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/18/2021 01:25:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/18/2021 01:25:15 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Restore (H:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/18/2021 01:25:14 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on Multimedia (D:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/18/2021 01:24:43 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (F:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/17/2021 11:52:25 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI385dc.LOG.

Error: (04/17/2021 09:29:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: VProSvc.exe, version: 15.0.1.36526, time stamp: 0x4b8e6c9a
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x26452a2a
Exception code: 0xe06d7363
Fault offset: 0x0012a6e2
Faulting process id: 0x2814
Faulting application start time: 0x01d733b7931f9d09
Faulting application path: C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 52d78ed9-4c0f-4958-bbbd-335ca07bbd5e
Faulting package full name: 
Faulting package-relative application ID:


System errors:
=============
Error: (04/18/2021 05:44:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (04/17/2021 11:52:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (04/17/2021 11:31:58 PM) (Source: DCOM) (EventID: 10010) (User: Pyrpyl_HP-PC)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/17/2021 10:09:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (04/17/2021 10:09:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\PYRPYL~1\AppData\Local\Temp\ehdrv.sys

Error: (04/17/2021 10:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (04/17/2021 10:09:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\PYRPYL~1\AppData\Local\Temp\ehdrv.sys

Error: (04/17/2021 10:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading


CodeIntegrity:
===============
Date: 2021-04-17 21:31:21
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragentwin7.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-17 21:29:24
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\CastSrv.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Hewlett-Packard L74 Ver. 01.47 07/30/2018
Motherboard: Hewlett-Packard 1942
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 62%
Total physical RAM: 7625.11 MB
Available physical RAM: 2885.71 MB
Total Virtual: 13625.11 MB
Available Virtual: 8598.29 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.03 GB) (Free:76.9 GB) NTFS
Drive d: (Multimedia) (Fixed) (Total:622.93 GB) (Free:281.36 GB) NTFS
Drive e: () (Fixed) (Total:7.79 GB) (Free:7.49 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:7.81 GB) (Free:7.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:7.81 GB) (Free:7.57 GB) NTFS
Drive h: (Restore) (Fixed) (Total:97.66 GB) (Free:94.18 GB) NTFS
Drive i: () (Fixed) (Total:195.31 GB) (Free:53.27 GB) NTFS

\\?\Volume{00014549-0000-0000-0000-10b637000000}\ () (Fixed) (Total:0.72 GB) (Free:0.14 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AF29C89)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=720.6 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 223.6 GB) (Disk ID: 00014549)
Partition 1: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=733 MB) - (Type=27)

==================== End of Addition.txt =======================


?!?😬 I downloaded uTorrent from a link on your site and ran it: "https://www.kaldata.com/софтуер/µtorrent-51143.html". And now this popped up as well, shown in the attached screenshot. I'm baffled. I haven't installed anything else.

Untitled.jpg


Uninstalling unwanted / unnecessary programs:

  • Press the Windows key + R on your keyboard at the same time. Type (or paste) appwiz.cpl in the box and click OK.
  • In the list of installed programs that opens, uninstall the programs in the box below:
Quote

Web Companion

LiveUpdate

+ again:

FRST scan

    Double-click FRST.exe / FRST64.exe to run it.
    Press the Scan button.
    When it finishes, it will create two log files named FRST.txt and Addition.txt in the same directory the tool was run from.
    Please copy and paste the logs in your next reply.

Logs

In your next reply, please include (by copying their entire contents) the following logs:

  • FRST.txt (copy the entire contents)
  • Addition.txt (copy the entire contents)
8 minutes ago, pyrpyl wrote:

?!?😬 I downloaded uTorrent from a link on your site and ran it: "https://www.kaldata.com/софтуер/µtorrent-51143.html". And now this popped up as well, shown in the attached screenshot. I'm baffled. I haven't installed anything else.

Well, it did ask you ... and since you didn't pay attention ... and just kept clicking next, next ....!


Apparently it did ask me, and I was still asleep.....😴

I'm uploading the new logs:

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (administrator) on PYRPYL_HP-PC (Hewlett-Packard HP ProBook 450 G1) (18-04-2021 10:09:31)
Running from C:\Users\Pyrpyl_HP\Desktop
Loaded Profiles: Pyrpyl_HP
Platform: Windows 10 Pro Version 20H2 19042.928 (X64) Language: English (United States)
Default browser: Chrome
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() [File not signed] C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
(Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
(BlueStack Systems, Inc. -> BlueStack Systems, Inc.) C:\ProgramData\BlueStacks\Client\Bluestacks.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler.exe
(Google LLC -> Google LLC) C:\Program Files (x86)\Google\Update\1.3.36.72\GoogleCrashHandler64.exe
(Google LLC -> Google LLC) C:\Program Files\Google\Chrome\Application\chrome.exe <11>
(Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Hewlett-Packard Company -> Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation - Intel® Management Engine Firmware -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation - Software and Firmware Products -> Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation -> Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel(R) Corporation) [File not signed] C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe <2>
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2101.10.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\CastSrv.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <4>
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\oobe\UserOOBEBroker.exe
(Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Windows Hardware Compatibility Publisher -> AMD) C:\Windows\System32\atiesrxx.exe
(PDF Complete Inc. -> PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe
(Shanghai Microvirt Software Technology Co., Ltd. -> ) C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
(Sony Mobile Communications AB -> Sony) [File not signed] C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe
(Symantec Corporation -> Symantec) C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated -> Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TeamViewer Germany GmbH -> TeamViewer Germany GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Validity Sensors, Inc -> Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(上海迈微软件科技有限公司 -> ) C:\Program Files (x86)\Microvirt\MEmu\adb.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-30] (Intel Corporation - Intel® Rapid Storage Technology -> Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-12-10] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [336672 2014-05-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation - Software and Firmware Products -> Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [706192 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-19\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\...\RunOnce: [mctadmin] => C:\Windows\System32\mctadmin.exe
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) [File not signed]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
HKLM\...\Print\Monitors\HP bf2a Status Monitor: C:\WINDOWS\system32\hpinkstsbf2aLM.dll [468104 2017-09-15] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\HP Discovery Port Monitor (HP LaserJet MFP M28-M31): C:\WINDOWS\system32\HPDiscoPMbf2a.dll [988808 2017-09-27] (Hewlett Packard -> HP Inc.)
HKLM\...\Print\Monitors\PDFC: C:\WINDOWS\system32\pdfc_port.dll [27680 2018-02-01] (PDF Complete Inc. -> PDF Complete, Inc.)
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\90.0.4430.72\Installer\chrmstp.exe [2021-04-16] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{503739d0-4c5e-4cfd-b3ba-d881334f0df2}] -> 
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION

==================== Scheduled Tasks (Whitelisted) ============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09DE343A-923D-457B-A19A-1CC1BA23DF8E} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {0D69FE61-9E05-4921-A131-738DE4FA3FFD} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe
Task: {10D6F81F-4DB2-468A-BF62-F0057368B640} - System32\Tasks\{BA76E13E-4B26-46BB-8DA7-C23F3BB399E9} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.12.0.101/bg/abandoninstall?page=tsMain
Task: {10E6C7F1-F9E1-416F-B258-DACE319E3EE8} - System32\Tasks\AviraSystemSpeedupUpdate => C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe [30108424 2020-09-18] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {197783D4-6197-4990-A646-10DBC1C72FB5} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {269998F4-A2B8-4814-9FAF-A0EC9F415CAD} - System32\Tasks\Avira_Antivirus_Systray => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [2651216 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
Task: {2BA14D5D-3922-4660-BCE2-23CD6BDF5C7A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {2C07239C-9520-4358-AC2E-185790608859} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {34BE26F8-3A74-408E-9993-A37840EBA599} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {3C77CBFA-C780-4C31-BEA2-1BF94577FE9F} - System32\Tasks\Games\UpdateCheck_S-1-5-21-993510031-3225739286-1372905849-1000 => {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
Task: {3CCD2BA6-A010-4578-99DC-3F17A380D6FF} - System32\Tasks\Microsoft\Windows\SideShow\AutoWake => {E51DFD48-AA36-4B45-BB52-E831F02E8316}
Task: {427B583D-574F-4108-9554-A922314E01F6} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {46712367-02F3-4136-9154-A2C5979CBE11} - System32\Tasks\{93AC3200-379F-464B-97BB-80812FCDB50B} => "c:\program files (x86)\google\chrome\application\chrome.exe" http://ui.skype.com/ui/0/7.18.0.112/bg/abandoninstall?page=tsMain
Task: {486D715E-6AA2-44CF-BC48-B6990CBB53C6} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControlsMigration => {343D770D-7788-47C2-B62A-B7C4CED925CB}
Task: {48EB919D-C171-47D0-B655-DCABE88B157F} - System32\Tasks\{692E0DA6-4F21-4A4E-954E-6BC10623F594} => C:\Windows\system32\pcalua.exe -a C:\Users\Pyrpyl_HP\Downloads\sp92303.exe -d C:\Users\Pyrpyl_HP\Downloads
Task: {4CE03A4B-1EC3-4280-A83A-61A40EA4CB7E} - System32\Tasks\BlueStacksHelper => C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe [752136 2020-06-18] (BlueStack Systems, Inc. -> BlueStack Systems, Inc.)
Task: {4FD0251C-8678-4BA6-A3C4-1883D514D168} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {53F33F12-2392-48DC-AF08-1713C6695ABF} - System32\Tasks\Wise Memory Optimizer Task => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
Task: {55ACEAC9-B45C-4BDE-868B-ED389A0127CE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {597D89DF-509E-4DE8-870F-324DEE39F3B6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {5B42DD9C-5A26-4F27-BB95-34603F0997E5} - System32\Tasks\Microsoft\Windows\Shell\WindowsParentalControls => {DFA14C43-F385-4170-99CC-1B7765FA0E4A}
Task: {5F174538-491F-48DC-917A-C2797DC61A40} - System32\Tasks\{FC398F30-11A1-4268-B1D5-6C88ECB38A18} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.29.0.102/bg/abandoninstall?page=tsMain
Task: {5F3792AB-E772-4D3B-903E-718D820D2751} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {6233C94B-FC7A-4487-BAC2-141F54AF9B7B} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {6859A8BE-DE27-4A1C-85E1-E825883FBD06} - System32\Tasks\HPCustPartic.exe_{7F6EA2B9-DE57-47E3-9219-5C7EDA728796} => C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe [6662792 2017-09-27] (Hewlett Packard -> HP Inc.)
Task: {68A6AD42-8AED-4E5C-A651-3E70FC10482F} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {70A78064-6BC2-4EB4-A22B-9D18BBA8E3C3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {763A6A0C-8A34-4622-B10A-64B1E5747172} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-07] (Google LLC -> Google LLC)
Task: {874C85F7-4904-4824-AAFC-4ED7D313F4D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9E358439-CFE9-4C93-BB31-0DB3A24B7E0B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe
Task: {A0E19528-46D7-4AE4-BAF1-A5E0E3E38E39} - System32\Tasks\Microsoft\Windows\SideShow\SessionAgent => {45F26E9E-6199-477F-85DA-AF1EDFE067B1}
Task: {A4128A31-CA5B-4B7F-9649-0CF3D4DEEA5D} - System32\Tasks\Microsoft\Windows\SideShow\SystemDataProviders => {7CCA6768-8373-4D28-8876-83E8B4E3A969}
Task: {A46FA47C-F2FF-42DB-ABD0-37240F66E7FA} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {A6AAB681-680B-467E-9F35-70D303E10D0A} - System32\Tasks\Microsoft\Windows\SideShow\GadgetManager => {FF87090D-4A9A-4F47-879B-29A80C355D61}
Task: {A900BA21-CEDC-4347-ABDF-9D9903C653F6} - System32\Tasks\WiseCleaner\WMOSkipUAC => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe
Task: {B0CBAB43-44FC-469B-A4CE-87426761FDCE} - System32\Tasks\Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor => {EA9155A3-8A39-40B4-8963-D3C761B18371}
Task: {B57620A2-D908-4CE7-B212-5604504501C3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {C3EEEACC-9B0D-420E-AE66-5C037764C630} - System32\Tasks\{4A28086F-96B1-47FB-9E38-E5C64C70F1D2} => "c:\program files (x86)\google\chrome\application\chrome.exe" https://ui.skype.com/ui/0/7.40.0.104/bg/abandoninstall?page=tsMain
Task: {C43255BD-C6A2-4DB0-A8A2-A934D5FB01B9} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task => {3519154C-227E-47F3-9CC9-12C3F05817F1}
Task: {C918C3E9-E264-4489-9479-BD246A57509B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {CE77CBF7-732D-42FF-A3D4-6D7021D65E7F} - System32\Tasks\Microsoft\Windows\MobilePC\HotStart => {06DA0625-9701-43DA-BFD7-FBEEA2180A1E}
Task: {D34A8E61-02D9-471D-9391-8D7936DFFE28} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {DB410C21-3508-4B6A-8EDD-EF8DE185DEE9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [154440 2021-04-07] (Google LLC -> Google LLC)
Task: {DCE3F822-2B87-421B-AFF2-57F0FF6A2194} - System32\Tasks\HPCustParticipation HP LaserJet MFP M28-M31 => C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPCustPartic.exe [6662792 2017-09-27] (Hewlett Packard -> HP Inc.)
Task: {EC6BDB05-B5B2-4C2A-9106-E3DF93A9729A} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {F0AB67C0-EC77-4DCC-B513-79B88076961A} - System32\Tasks\Opera scheduled Autoupdate 1416161631 => G:\Programs\Opera\launcher.exe
Task: {F6F75990-CAE3-4489-A521-6E18366BE7DE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FA13C64C-0CF8-4366-AE99-83BCABE0A2B4} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FCFBA840-F5C6-441E-B928-34198B2A1556} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Wise Memory Optimizer Task.job => C:\Program Files (x86)\Wise\Wise Memory Optimizer\WiseMemoryOptimzer.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.1.1
Tcpip\..\Interfaces\{8c644601-063f-4abe-8bb6-f2f7f50a5359}: [DhcpNameServer] 172.16.1.1
Tcpip\..\Interfaces\{E3DE5057-8568-4811-8439-B2FF78B3C830}: [DhcpNameServer] 172.16.1.1

Edge: 
=======
Edge DefaultProfile: Default
Edge Profile: C:\Users\Pyrpyl_HP\AppData\Local\Microsoft\Edge\User Data\Default [2021-04-18]
Edge Extension: (Video Download Pro) - C:\Users\Pyrpyl_HP\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\iealfojfpcnjahnjbdklmljbilnnncdd [2020-12-22]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel® Identity Protection Technology Software -> Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50918.0\npctrl.dll [2018-10-23] (Microsoft Corporation ->  Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: Web Components -> C:\Program Files (x86)\Web Components\npWebVideoPlugin.dll [2016-12-07] (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FF Plugin HKU\S-1-5-21-993510031-3225739286-1372905849-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Pyrpyl_HP\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-07] (Unity Technologies SF -> Unity Technologies ApS)

Chrome: 
=======
CHR Profile: C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default [2021-04-18]
CHR Notifications: Default -> hxxps://www.kaldata.com
CHR HomePage: Default -> hxxp://192.168.0.100/
CHR StartupUrls: Default -> "hxxps://tvn.bg/"
CHR Extension: (Slides) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2021-04-07]
CHR Extension: (Docs) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2021-04-07]
CHR Extension: (Google Drive) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2021-04-07]
CHR Extension: (YouTube) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2021-04-07]
CHR Extension: (Adblock Plus - free ad blocker) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2021-04-07]
CHR Extension: (Sheets) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2021-04-07]
CHR Extension: (Google Docs Offline) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2021-04-15]
CHR Extension: (AdBlock — best ad blocker) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2021-04-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2021-04-07]
CHR Extension: (Gmail) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2021-04-07]
CHR Extension: (Chrome Media Router) - C:\Users\Pyrpyl_HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2021-04-16]

Opera: 
=======
StartMenuInternet: (HKLM) OperaStable - G:\Programs\Opera\Launcher.exe

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1208432 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntivirProtectedService; C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe [537472 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [484904 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [484904 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [575776 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [634768 2021-04-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraOptimizerHost; C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe [2988544 2020-06-03] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 AviraPhantomVPN; C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe [383976 2021-03-27] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S2 AviraUpdaterService; C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe [159080 2021-04-13] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 GenericMount Helper Service; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2227216 2010-02-12] (Symantec Corporation -> Symantec)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe [683296 2014-05-16] (Hewlett-Packard Company -> Hewlett-Packard Company)
R3 hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [1006424 2013-01-23] (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed]
R2 Intel(R) Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
R2 MEmuSVC; C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe [85304 2019-09-12] (Shanghai Microvirt Software Technology Co., Ltd. -> )
S2 Norton Ghost; C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation -> Symantec Corporation)
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1795136 2018-02-01] (PDF Complete Inc. -> PDF Complete Inc)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [5361256 2021-03-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7C6B734B-F40D-4C7E-9C4C-95715C0D84F9} [21312 2021-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe /Processid:{7C6B734B-F40D-4C7E-9C4C-95715C0D84F9} [21312 2021-03-18] (Microsoft Windows -> Microsoft Corporation)
R3 SymSnapService; C:\Program Files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2963960 2009-09-21] (Symantec Corporation -> Symantec)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [13086224 2020-07-20] (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [3004048 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103384 2019-12-07] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 XperiaCompanionService; C:\Program Files\Sony\Xperia Companion\Service\XperiaCompanionService.exe [2201440 2017-11-09] (Sony Mobile Communications AB -> Sony) [File not signed]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AIDA64Driver; D:\Programs\AIDA64Portable\App\AIDA64Extreme\kerneld.x64 [34136 2014-07-29] (FinalWire -> )
R0 avdevprot; C:\WINDOWS\System32\DRIVERS\avdevprot.sys [78936 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S0 avelam; C:\WINDOWS\System32\drivers\avelam.sys [22336 2020-09-22] (Microsoft Windows Early Launch Anti-malware Publisher -> Avira Operations GmbH & Co. KG)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [209744 2021-04-04] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [199312 2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [46704 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [89736 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\WINDOWS\System32\Drivers\avusbflt.sys [45472 2020-09-22] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
S3 BstkDrv; C:\Program Files (x86)\BlueStacks\BstkDrv.sys [269408 2018-06-21] (Bluestack Systems, Inc. -> Bluestack System Inc.)
S3 BthA2dp; C:\WINDOWS\System32\drivers\BthA2dp.sys [279040 2019-12-07] (Microsoft Corporation) [File not signed]
R1 CLVirtualDrive; C:\WINDOWS\System32\DRIVERS\CLVirtualDrive.sys [90608 2011-12-26] (CyberLink -> CyberLink)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [102368 2012-09-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
R3 GenericMount; C:\WINDOWS\System32\drivers\GenericMount.sys [66608 2010-02-12] (Symantec Corporation -> Symantec Corporation)
S3 htcnprot; C:\WINDOWS\system32\DRIVERS\htcnprot.sys [36928 2013-10-17] (HTC Corp. -> Windows (R) Win 7 DDK provider)
R3 m76usb; C:\WINDOWS\System32\drivers\m76usb.sys [563360 2015-06-03] (MEDIATEK INC. -> Ralink Technology Corp.)
R1 MEmuDrv; C:\WINDOWS\system32\DRIVERS\MEmuDrv.sys [320360 2020-10-09] (Shanghai Microvirt Software Technology Co., Ltd. -> Maiwei Corporation)
R2 NPF; C:\Program Files\iVMS-4200 Station\iVMS-4200\Drivers\npf64.sys [36600 2018-06-02] (Riverbed Technology, Inc. -> Riverbed Technology, Inc.)
R3 phantomtap; C:\WINDOWS\System32\drivers\phantomtap.sys [50248 2020-10-07] (Avira Operations GmbH & Co. KG -> The OpenVPN Project)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] (MiniTool Solution Ltd -> )
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13264 2009-12-21] (MT SOLUTION LTD -> )
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [203104 2012-09-20] (Samsung Electronics CO., LTD. -> DEVGURU Co., LTD.(www.devguru.co.kr))
S3 STHDA; C:\WINDOWS\System32\DRIVERS\stwrt64.sys [551936 2013-11-07] (IDT, Inc.) [File not signed]
R0 symsnap; C:\WINDOWS\System32\DRIVERS\symsnap.sys [170032 2009-09-21] (Symantec Corporation -> StorageCraft)
S3 VProEventMonitor; C:\WINDOWS\System32\DRIVERS\vproeventmonitor.sys [20528 2009-09-21] (Symantec Corporation -> Symantec Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [46688 2019-12-07] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [350136 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [54200 2019-12-07] (Microsoft Windows -> Microsoft Corporation)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [34944 2018-05-11] (HP Inc. -> HP)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 10:09 - 2021-04-18 10:10 - 000031507 _____ C:\Users\Pyrpyl_HP\Desktop\FRST.txt
2021-04-18 08:11 - 2021-04-18 10:08 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\LocalLow\uTorrent
2021-04-18 08:11 - 2021-04-18 08:11 - 000002744 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2021-04-18 08:10 - 2021-04-18 08:10 - 002133032 _____ (BitTorrent Inc.) C:\Users\Pyrpyl_HP\Downloads\uTorrent.exe
2021-04-18 08:09 - 2021-04-18 08:19 - 000001066 _____ C:\Users\Pyrpyl_HP\Desktop\New Text Document (4).txt
2021-04-18 06:59 - 2021-04-18 06:59 - 000026276 _____ C:\Users\Pyrpyl_HP\Desktop\eset.txt
2021-04-17 22:04 - 2021-04-17 22:04 - 000000818 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ESET Online Scanner.lnk
2021-04-17 22:04 - 2021-04-17 22:04 - 000000672 _____ C:\Users\Pyrpyl_HP\Desktop\ESET Online Scanner.lnk
2021-04-17 22:04 - 2021-04-17 22:04 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\ESET
2021-04-17 21:22 - 2021-04-17 21:25 - 000000000 ____D C:\AdwCleaner
2021-04-17 21:20 - 2021-04-17 21:20 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Pyrpyl_HP\Desktop\esetonlinescanner.exe
2021-04-17 21:19 - 2021-04-17 21:18 - 008534696 _____ (Malwarebytes) C:\Users\Pyrpyl_HP\Desktop\adwcleaner_8.2.exe
2021-04-17 21:18 - 2021-04-17 21:20 - 015019488 _____ (ESET spol. s r.o.) C:\Users\Pyrpyl_HP\Downloads\esetonlinescanner.exe
2021-04-17 21:18 - 2021-04-17 21:18 - 008534696 _____ (Malwarebytes) C:\Users\Pyrpyl_HP\Downloads\adwcleaner_8.2.exe
2021-04-17 20:58 - 2021-04-17 20:58 - 000000008 __RSH C:\ProgramData\ntuser.pol
2021-04-17 20:55 - 2021-04-17 20:55 - 000010124 _____ C:\Users\Pyrpyl_HP\Desktop\Fixlog.txt
2021-04-16 18:49 - 2021-04-16 18:49 - 001823304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2021-04-16 18:49 - 2021-04-16 18:49 - 000231248 _____ C:\WINDOWS\system32\containerdevicemanagement.dll
2021-04-16 18:49 - 2021-04-16 18:49 - 000011357 _____ C:\WINDOWS\system32\DrtmAuthTxt.wim
2021-04-16 18:26 - 2021-04-16 18:26 - 003111748 _____ C:\WINDOWS\Minidump\041621-10625-01.dmp
2021-04-13 06:25 - 2021-04-13 06:25 - 003023388 _____ C:\WINDOWS\Minidump\041321-10953-01.dmp
2021-04-11 05:54 - 2021-04-11 05:54 - 002196092 _____ C:\WINDOWS\Minidump\041121-8796-01.dmp
2021-04-10 18:49 - 2021-04-10 18:50 - 001742060 _____ C:\WINDOWS\Minidump\041021-15828-01.dmp
2021-04-09 13:28 - 2021-04-09 13:28 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Viber
2021-04-09 07:46 - 2021-04-18 07:12 - 000000000 ____D C:\Users\Pyrpyl_HP\.MemuHyperv
2021-04-09 07:46 - 2021-04-09 07:46 - 000001150 _____ C:\Users\Pyrpyl_HP\Desktop\MEmu.lnk
2021-04-09 07:46 - 2021-04-09 07:46 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEmu
2021-04-09 07:45 - 2021-04-09 07:46 - 000000000 ____D C:\Program Files (x86)\Microvirt
2021-04-08 07:08 - 2021-04-08 07:08 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders (2).pdf
2021-04-07 18:30 - 2021-04-16 06:34 - 000002247 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2021-04-07 18:30 - 2021-04-07 18:30 - 000000000 ____D C:\Program Files\Google
2021-04-07 18:26 - 2021-04-07 18:26 - 000003418 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineUA
2021-04-07 18:26 - 2021-04-07 18:26 - 000003294 _____ C:\WINDOWS\system32\Tasks\GoogleUpdateTaskMachineCore
2021-04-07 15:30 - 2021-04-07 15:30 - 000048748 _____ C:\Users\Pyrpyl_HP\Downloads\642 TEZ Ruse - stoka  - 15.03.21.pdf
2021-04-06 09:34 - 2021-04-06 09:34 - 000068073 _____ C:\Users\Pyrpyl_HP\Downloads\Proforma Advance payment
2021-04-06 09:33 - 2021-04-06 09:33 - 000000147 _____ C:\Users\Pyrpyl_HP\Downloads\untitled1.1.txt
2021-04-06 09:32 - 2021-04-06 09:32 - 000000147 _____ C:\Users\Pyrpyl_HP\Downloads\REMINDER_ Proforma Advance payment.txt
2021-04-05 23:02 - 2021-04-05 23:02 - 000573733 _____ C:\Users\Pyrpyl_HP\Downloads\192700128.pdf
2021-04-05 23:01 - 2021-04-05 23:01 - 000537680 _____ C:\Users\Pyrpyl_HP\Downloads\192700139.pdf
2021-04-05 22:58 - 2021-04-05 22:58 - 000547601 _____ C:\Users\Pyrpyl_HP\Downloads\192700138.pdf
2021-04-05 22:57 - 2021-04-05 22:57 - 000546357 _____ C:\Users\Pyrpyl_HP\Downloads\192700149.pdf
2021-04-05 22:56 - 2021-04-05 22:56 - 000559576 _____ C:\Users\Pyrpyl_HP\Downloads\192700147.pdf
2021-04-05 22:55 - 2021-04-05 22:55 - 000569999 _____ C:\Users\Pyrpyl_HP\Downloads\192700148 (1).pdf
2021-04-05 22:54 - 2021-04-05 22:54 - 000569999 _____ C:\Users\Pyrpyl_HP\Downloads\192700148.pdf
2021-04-05 22:52 - 2021-04-05 22:52 - 000545351 _____ C:\Users\Pyrpyl_HP\Downloads\192700146.pdf
2021-04-03 11:20 - 2021-04-03 11:20 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders (1).pdf
2021-04-03 11:00 - 2021-04-03 11:00 - 000066623 _____ C:\Users\Pyrpyl_HP\Documents\Решение.pdf
2021-04-03 10:50 - 2021-04-03 10:50 - 000066623 _____ C:\Users\Pyrpyl_HP\Downloads\___Orders.pdf
2021-03-31 21:08 - 2021-04-07 18:26 - 000000000 ____D C:\Program Files (x86)\Google
2021-03-31 20:38 - 2021-04-17 18:55 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\FRST-OlderVersion
2021-03-31 18:44 - 2021-03-31 18:44 - 000072452 _____ C:\ProgramData\agent.uninstall.1617205447.bdinstall.v2.bin
2021-03-30 18:50 - 2021-03-30 18:50 - 000116924 _____ C:\ProgramData\agent.1617119425.bdinstall.v2.bin
2021-03-26 18:54 - 2021-03-26 18:54 - 002317652 _____ C:\WINDOWS\Minidump\032621-11343-01.dmp
2021-03-26 07:16 - 2021-03-26 07:17 - 002330524 _____ C:\WINDOWS\Minidump\032621-15500-01.dmp
2021-03-22 07:23 - 2021-03-22 07:23 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\__SHARED
2021-03-21 19:14 - 2021-04-17 22:17 - 000000000 ____D C:\Program Files (x86)\KMSPico 10.2.1 Final
2021-03-20 20:19 - 2021-04-16 18:27 - 000000000 ____D C:\WINDOWS\Minidump
2021-03-20 20:19 - 2021-03-20 20:19 - 001693156 _____ C:\WINDOWS\Minidump\032021-9296-01.dmp
2021-03-20 19:26 - 2021-03-20 19:26 - 005055372 _____ C:\Users\Pyrpyl_HP\Downloads\Tv App Repo_v1.1.4-playstore_apkpure.com.apk
2021-03-20 16:48 - 2021-03-20 16:51 - 080723061 _____ C:\Users\Pyrpyl_HP\Downloads\Hik Connect_v3.11.1.1023_apkpure.com.apk
2021-03-20 16:02 - 2021-03-20 16:06 - 104093144 _____ C:\Users\Pyrpyl_HP\Downloads\Hik-Connect.apk
2021-03-20 15:45 - 2021-03-20 15:45 - 000000165 ____H C:\Users\Pyrpyl_HP\Desktop\~$table.xlsx
2021-03-20 14:25 - 2021-03-20 14:25 - 009083910 _____ C:\Users\Pyrpyl_HP\Downloads\smartyoutubetv_latest.apk
2021-03-20 13:45 - 2021-03-20 13:46 - 063510297 _____ C:\Users\Pyrpyl_HP\Downloads\kodi-18.9-Leia-armeabi-v7a (1).apk
2021-03-19 23:00 - 2021-03-19 23:00 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\app
2021-03-19 22:52 - 2021-03-19 22:56 - 063510297 _____ C:\Users\Pyrpyl_HP\Downloads\kodi-18.9-Leia-armeabi-v7a.apk

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2021-04-18 10:09 - 2019-07-21 20:53 - 000000000 ____D C:\FRST
2021-04-18 10:09 - 2015-07-27 12:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2021-04-18 10:08 - 2014-10-12 11:33 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent
2021-04-18 09:58 - 2019-12-07 12:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2021-04-18 07:56 - 2019-04-19 17:41 - 000000000 ____D C:\Users\Pyrpyl_HP\Downloads\MEmu Download
2021-04-18 06:56 - 2021-03-18 21:48 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2021-04-18 01:44 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\Registration
2021-04-18 00:52 - 2018-03-23 07:26 - 000000000 __SHD C:\Users\Pyrpyl_HP\IntelGraphicsProfiles
2021-04-18 00:31 - 2020-06-24 21:34 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Kodi
2021-04-17 22:35 - 2015-05-10 20:25 - 000000000 ____D C:\WINDOWS\KJ
2021-04-17 22:29 - 2014-09-21 10:54 - 000000000 ____D C:\ProgramData\PDFC
2021-04-17 22:19 - 2014-11-15 14:35 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UnlockRoot Pro
2021-04-17 22:19 - 2014-11-15 14:31 - 000000000 ____D C:\Program Files (x86)\Unlockroot Pro
2021-04-17 21:33 - 2021-03-18 22:00 - 000941190 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2021-04-17 21:33 - 2019-12-07 12:13 - 000000000 ____D C:\WINDOWS\INF
2021-04-17 21:28 - 2021-03-18 21:57 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2021-04-17 21:28 - 2021-03-18 21:48 - 000008192 ___SH C:\DumpStack.log.tmp
2021-04-17 21:28 - 2020-09-22 11:16 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2021-04-17 21:28 - 2020-08-22 20:59 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2021-04-17 21:28 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\ServiceState
2021-04-17 21:28 - 2019-12-07 12:03 - 000524288 _____ C:\WINDOWS\system32\config\BBI
2021-04-17 21:25 - 2017-10-25 19:57 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Hewlett-Packard
2021-04-17 21:25 - 2014-08-20 12:28 - 000000000 ____D C:\Program Files (x86)\Hewlett-Packard
2021-04-17 21:25 - 2014-08-20 12:27 - 000000000 ____D C:\ProgramData\Hewlett-Packard
2021-04-17 20:55 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2021-04-17 20:55 - 2009-07-14 06:20 - 000000000 ___HD C:\WINDOWS\system32\GroupPolicy
2021-04-17 18:55 - 2019-07-21 20:53 - 002298368 _____ (Farbar) C:\Users\Pyrpyl_HP\Desktop\FRST64.exe
2021-04-17 16:50 - 2019-12-07 12:14 - 000000000 ___HD C:\Program Files\WindowsApps
2021-04-17 16:50 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\AppReadiness
2021-04-17 16:49 - 2020-09-27 09:41 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2021-04-16 22:36 - 2021-03-18 20:36 - 000000000 ____D C:\Users\Pyrpyl_HP
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ___SD C:\WINDOWS\system32\DiagSvcs
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\oobe
2021-04-16 22:36 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\bcastdvr
2021-04-16 18:52 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\CbsTemp
2021-04-16 18:36 - 2014-09-20 19:14 - 000000000 ____D C:\WINDOWS\system32\MRT
2021-04-16 18:34 - 2014-08-20 12:11 - 000000000 ____D C:\ProgramData\Package Cache
2021-04-16 18:29 - 2014-09-20 19:14 - 131963968 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2021-04-16 18:26 - 2020-09-28 06:28 - 750661766 _____ C:\WINDOWS\MEMORY.DMP
2021-04-15 06:36 - 2020-07-25 09:25 - 000011505 _____ C:\Users\Pyrpyl_HP\Desktop\table.xlsx
2021-04-13 20:54 - 2019-11-23 14:06 - 000000000 ____D C:\iVMS-4200
2021-04-12 18:45 - 2020-06-15 18:38 - 000000000 ____D C:\Users\Pyrpyl_HP\Desktop\Осигуровки
2021-04-12 06:24 - 2021-03-18 21:57 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-993510031-3225739286-1372905849-1000
2021-04-12 06:24 - 2021-03-18 20:36 - 000002417 _____ C:\Users\Pyrpyl_HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2021-04-12 06:24 - 2020-09-22 11:30 - 000000000 ___RD C:\Users\Pyrpyl_HP\OneDrive
2021-04-09 22:05 - 2016-05-07 09:41 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\ViberPC
2021-04-09 07:46 - 2020-10-12 18:05 - 000001189 _____ C:\Users\Pyrpyl_HP\Desktop\Multi-MEmu.lnk
2021-04-09 07:46 - 2019-04-19 17:40 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Microvirt
2021-04-09 07:46 - 2014-11-15 12:46 - 000000000 ____D C:\Users\Pyrpyl_HP\.android
2021-04-07 18:30 - 2020-10-04 13:36 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Google
2021-04-04 16:03 - 2020-09-18 22:42 - 000209744 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2021-04-02 23:27 - 2015-05-02 08:44 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Bigasoft Video Downloader
2021-03-31 21:00 - 2018-08-03 08:10 - 000000717 _____ C:\Users\Pyrpyl_HP\Desktop\New Text Document (3).txt
2021-03-31 18:52 - 2020-09-20 15:40 - 000001324 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2021-03-31 18:52 - 2020-09-20 15:40 - 000001312 _____ C:\Users\Public\Desktop\Registry Repair.lnk
2021-03-31 18:52 - 2020-09-20 15:40 - 000001312 _____ C:\ProgramData\Desktop\Registry Repair.lnk
2021-03-31 07:19 - 2021-03-15 21:43 - 000000000 ___DC C:\WINDOWS\Panther
2021-03-30 20:00 - 2021-03-18 21:48 - 000484384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2021-03-30 19:59 - 2019-12-07 12:54 - 000000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SystemResources
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\setup
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\lv-LV
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\lt-LT
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\inetsrv
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\et-EE
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\system32\es-MX
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\Provisioning
2021-03-30 19:59 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\PolicyDefinitions
2021-03-30 18:22 - 2021-03-18 21:48 - 002877440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2021-03-29 20:24 - 2021-03-12 23:56 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Roaming\Sony Channel Editor
2021-03-27 12:57 - 2021-03-16 19:11 - 000000345 _____ C:\Users\Pyrpyl_HP\Downloads\Recent.txt
2021-03-27 10:20 - 2021-03-16 19:12 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\SvanSvan
2021-03-23 20:24 - 2019-12-07 12:03 - 000000000 ____D C:\WINDOWS\servicing
2021-03-21 11:04 - 2020-09-22 11:22 - 000000000 ____D C:\Users\Pyrpyl_HP\AppData\Local\Packages
2021-03-21 11:03 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\SystemApps
2021-03-20 21:46 - 2020-10-02 20:48 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools
2021-03-19 19:11 - 2020-09-18 22:42 - 000199312 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2021-03-19 19:09 - 2019-12-07 12:03 - 000032768 _____ C:\WINDOWS\system32\config\ELAM
2021-03-19 07:20 - 2019-12-07 12:14 - 000000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories ========

2017-01-04 22:48 - 2017-01-10 08:07 - 000000146 _____ () C:\Users\Pyrpyl_HP\AppData\Roaming\gamma_ramp.reg
2015-01-18 00:28 - 2015-01-18 00:28 - 000003584 _____ () C:\Users\Pyrpyl_HP\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-17 22:18 - 2014-10-17 22:18 - 001065984 _____ () C:\Users\Pyrpyl_HP\AppData\Local\file__0.localstorage
2020-11-29 13:36 - 2020-11-29 13:37 - 000004096 ____H () C:\Users\Pyrpyl_HP\AppData\Local\keyfile3.drm
2014-12-11 14:08 - 2019-04-20 21:58 - 000007603 _____ () C:\Users\Pyrpyl_HP\AppData\Local\Resmon.ResmonCfg
2017-03-17 18:54 - 2017-03-26 11:30 - 000000552 _____ () C:\Users\Pyrpyl_HP\AppData\Local\TroubleshooterConfig.json
2017-01-04 22:48 - 2017-01-04 22:48 - 000017408 _____ () C:\Users\Pyrpyl_HP\AppData\Local\WebpageIcons.db
2018-08-28 18:49 - 2018-08-28 18:49 - 000000000 _____ () C:\Users\Pyrpyl_HP\AppData\Local\{94C7689A-BDF6-46DB-B2BE-AFFA3AF42E15}
2016-06-10 07:30 - 2016-06-10 07:30 - 000000000 _____ () C:\Users\Pyrpyl_HP\AppData\Local\{C101F823-7CF0-464A-9871-F23C7FFC200B}

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (18-04-2021 10:11:08)
Running from C:\Users\Pyrpyl_HP\Desktop
Windows 10 Pro Version 20H2 19042.928 (X64) (2021-03-18 18:57:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-993510031-3225739286-1372905849-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-993510031-3225739286-1372905849-503 - Limited - Disabled)
Guest (S-1-5-21-993510031-3225739286-1372905849-501 - Limited - Disabled)
Pyrpyl_HP (S-1-5-21-993510031-3225739286-1372905849-1000 - Administrator - Enabled) => C:\Users\Pyrpyl_HP
WDAGUtilityAccount (S-1-5-21-993510031-3225739286-1372905849-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Disabled - Up to date) {8EAC8D5C-B3AA-95AA-3DF1-2845CDD09CBE}
AV: Avira Antivirus (Enabled - Up to date) {88AE6B46-DC3C-455A-A21B-085F285A3546}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {35CD6CB8-9590-9A24-0741-1337B657D603}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\uTorrent) (Version: 3.5.5.45966 - BitTorrent Inc.)
7-Zip 4.65 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0465-000001000000}) (Version: 4.65.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avira (HKLM-x32\...\{21098ed5-59e9-4203-b79e-63f3c373e022}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG)
Avira (HKLM-x32\...\{2CA8B2E7-B4B7-4553-83E6-448A543EA5AD}) (Version: 1.2.155.4877 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.2104.2083 - Avira Operations GmbH & Co. KG)
Avira Phantom VPN (HKLM-x32\...\Avira Phantom VPN) (Version: 2.37.3.21018 - Avira Operations GmbH & Co. KG)
Avira Software Updater (HKLM-x32\...\{5FFF909D-D88F-42B9-9A85-328A1290611C}) (Version: 2.0.6.48309 - Avira Operations GmbH & Co. KG)
Avira System Speedup (HKLM-x32\...\Avira System Speedup_is1) (Version: 6.7.0.11004 - Avira Operations GmbH & Co. KG)
BlueStacks App Player (HKLM-x32\...\BlueStacks) (Version: 4.1.21.2018 - BlueStack Systems, Inc.)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.1.0.0 - Electronic Arts)
CrystalDiskMark 7.0.0h (HKLM\...\CrystalDiskMark7_is1) (Version: 7.0.0h - Crystal Dew World)
D3DX10 (HKLM-x32\...\{E09C4DB7-630C-4F06-A631-8EA7239923AF}) (Version: 15.4.2368.0902 - Microsoft) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 90.0.4430.72 - Google LLC)
HP Battery Check (HKLM-x32\...\HP Battery Check) (Version: 4.1.0.2 - Hewlett-Packard)
HP Dropbox Plugin (HKLM-x32\...\{9646F2DC-B09E-4314-92EC-B3332900A7EE}) (Version: 36.0.191.0 - HP)
HP EmailSMTP Plugin (HKLM-x32\...\{AF9F1F16-F6B4-4A66-B789-9F00B40B08AF}) (Version: 43.0.191.0 - HP)
HP ESU for Microsoft Windows 7 (HKLM-x32\...\{240B2BF7-E7E6-425C-A2A4-A3149189BF7F}) (Version: 2.3.1 - Hewlett-Packard Company)
HP FTP Plugin (HKLM-x32\...\{7DB5EDF6-8009-4E01-AF0D-4F3E02A0287F}) (Version: 43.0.191.0 - HP)
HP Google Drive Plugin (HKLM-x32\...\{07F30E12-A85F-4EA4-A5B3-3728FAB947ED}) (Version: 36.0.191.0 - HP)
HP Hotkey Support (HKLM-x32\...\{57FA60DA-585F-456A-B80E-17D1CDD22A30}) (Version: 5.0.27.1 - Hewlett-Packard Company)
HP LaserJet MFP M28-M31 Basic Device Software (HKLM\...\{8CA3E0EA-58E1-4CE1-A876-5B8095BAABEF}) (Version: 46.1.2614.17270 - HP Inc.)
HP LaserJet MFP M28-M31 Help (HKLM-x32\...\{0DF6621D-67C2-4E12-A5CF-260E985B8743}) (Version: 0.00.0005 - HP)
HP OneDrive Plugin (HKLM-x32\...\{8ED0A60F-9F44-4B7F-9C88-CC9E0B362628}) (Version: 36.0.191.0 - HP)
HP PageLift (HKLM-x32\...\{FA980A95-8E37-4A80-A49F-3DCBE84B99D1}) (Version: 1.0.12.1 - Hewlett-Packard Company)
HP SFTP Plugin (HKLM-x32\...\{1F0191BF-E339-4192-85D9-C369CA3FE9F1}) (Version: 43.0.191.0 - HP)
HP SharePoint Plugin (HKLM-x32\...\{96DB7179-0B69-45E1-A109-3A3A1F5BBCDF}) (Version: 43.0.191.0 - HP)
HP System Default Settings (HKLM-x32\...\{3A61A282-4F08-4D43-920C-DC30ECE528E8}) (Version: 2.6.1 - Hewlett-Packard Company)
HTC Driver Installer (HKLM-x32\...\{4CEEE5D0-F905-4688-B9F9-ECC710507796}) (Version: 4.17.0.001 - HTC Corporation)
HydraVision (HKLM-x32\...\{89CE7F9B-B4DF-8585-638B-6BD807ADE9C7}) (Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
I.R.I.S OCR (HKLM-x32\...\{3913CCF7-436B-4A7A-A265-62E9FFDD03D9}) (Version: 15.2.10.1114 - HP Inc.)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6496.0 - IDT)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4889 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
IPTInstaller (HKLM-x32\...\{08208143-777D-4A06-BB54-71BF0AD1BB70}) (Version: 4.0.9 - HTC)
iVMS-4200(v2.7.1.9) (HKLM-x32\...\{7697245D-2E00-4B83-AD27-C051DE314D1F}) (Version: 2.7.1.9 - hikvision)
Java 8 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418045F0}) (Version: 8.0.450 - Oracle Corporation)
Kodi (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Kodi) (Version:  - XBMC Foundation)
Mediatek MT7630E 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.45.0 - Mediatek)
MEmu (HKLM-x32\...\MEmu) (Version: 7.5.0.0 - Microvirt Software Technology Co. Ltd.)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 90.0.818.41 - Microsoft Corporation)
Microsoft Office Language Pack 2010 - Bulgarian/български (HKLM-x32\...\Office14.OMUI.bg-bg) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\OneDriveSetup.exe) (Version: 21.052.0314.0001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50918.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Update Health Tools (HKLM\...\{99FAF70F-9B61-4AB0-9EC0-B31F98FFDC4A}) (Version: 2.75.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{56F27690-F6EA-3356-980A-02BA379506EE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{1b103cea-f037-4504-81de-956057b442c3}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.16.27012 (HKLM-x32\...\{427ada59-85e7-4bc8-b8d5-ebf59db60423}) (Version: 14.16.27012.6 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version:  - )
Movie Maker (HKLM-x32\...\{38F03569-A636-4CF3-BDDE-032C8C251304}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{AC20CAEC-CC13-4877-A7DC-30BC97936645}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Movie Maker (HKLM-x32\...\{DD67BE4B-7E62-4215-AFA3-F123A800A389}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPC-HC 1.7.11 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.11 - MPC-HC Team)
Norton Ghost (HKLM-x32\...\{B0255743-165B-4BD5-8DA8-37DFB9930015}) (Version: 15.0.1.36526 - Symantec Corporation)
PDF Complete Corporate Edition (HKLM-x32\...\PDF Complete) (Version: 4.2.33 - PDF Complete, Inc)
Product Improvement Study for HP LaserJet MFP M28-M31 (HKLM\...\{5D2E606E-FF54-452E-A000-CE4B122E5BDD}) (Version: 46.1.2614.17270 - HP Inc.)
Ralink Bluetooth Stack (HKLM\...\{B346BD6C-AE56-7DD3-175C-2374C7113BCB}) (Version: 11.0.752.0 - Mediatek)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.49 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek)
Registry Repair 5.0.1.114 (HKLM-x32\...\Registry Repair) (Version: 5.0.1.114 - Glarysoft Ltd)
Samsung AllShare (HKLM-x32\...\{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung AllShare (HKLM-x32\...\InstallShield_{DF47ACA3-7C78-4C08-8007-AC682563C9F1}) (Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0402-0000-0000000FF1CE}_Office14.OMUI.bg-bg_{19EC17F0-B5A9-45D6-9BDD-E198B4E15CF9}) (Version:  - Microsoft)
Skype version 8.58 (HKLM-x32\...\Skype_is1) (Version: 8.58 - Skype Technologies S.A.)
Sony Channel Editor, версия 1.2 (HKLM-x32\...\{A60B1C02-DF63-43A3-8F45-7B2C6EC065F3}_is1) (Version: 1.2 - Sony Visual Products Europe)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.17.6.201704121541 - Sony Mobile Communications Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.65 - Synaptics Incorporated)
TeamViewer (HKLM-x32\...\TeamViewer) (Version: 15.8.3 - TeamViewer)
TechPowerUp GPU-Z (HKLM-x32\...\TechPowerUp GPU-Z) (Version:  - TechPowerUp)
Unity Web Player (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\UnityWebPlayer) (Version: 5.3.0f4 - Unity Technologies ApS)
UnLock Root Pro 4.12 (HKLM-x32\...\UnLock Root Pro) (Version: 4.12 - Unlcokroot)
Validity Fingerprint Sensor Driver (HKLM\...\{ADAA7361-54B8-4FC8-804E-94EC6C11ED68}) (Version: 4.5.133.0 - Validity Sensors, Inc.)
Viber (HKLM-x32\...\{D65DDA75-2C0A-46BA-807D-127BD5638490}) (Version: 6.0.1.5 - Viber Media Inc.) Hidden
Viber (HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\{acc83058-83b0-41e2-b372-266672a1af16}) (Version: 6.0.1.5 - Viber Media Inc.)
Web Components (HKLM-x32\...\{03B13AF8-9625-478A-AF0E-205337B9415A}_is1) (Version: 3.0.6.13 - )
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Xperia Companion (HKLM-x32\...\{74C27C4F-BCDF-4D88-8B04-E5C7609AB1EB}) (Version: 1.9.2.0 - Sony) Hidden
Xperia Companion (HKLM-x32\...\{b677a3f8-01ab-49df-92a8-d039691c0e2d}) (Version: 1.9.2.0 - Sony)
Xperia Companion Service (HKLM\...\{826B080E-3B85-448D-99C3-D843D54ED116}) (Version: 1.9.2.0 - Sony) Hidden
Фотогалерия (HKLM-x32\...\{3AAB928E-40E9-4DC5-A9CC-FB979E1B2C03}) (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Packages:
=========
Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_115.1.152.0_x64__v10z8vjag6ke6 [2020-10-03] (HP Inc.)
Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]
Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.7.10142.0_x64__8wekyb3d8bbwe [2021-03-22] (Microsoft Studios) [MS Ad]
Microsoft To Do -> C:\Program Files\WindowsApps\Microsoft.Todos_2.39.4622.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [Startup Task]
MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2021-03-18] (Microsoft Corporation) [MS Ad]

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [6723984 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ShellExecuteHooks-x32: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [4222864 2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers1: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers1: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers1: [SystemSpeedupFilesMenu] -> {14cb2bd0-2375-3d10-9b5d-5e18865c8959} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers2: [CLVDShellExt] -> {3E2A0A32-6E14-4BAD-AA87-BBB6A75EBFF2} =>  -> No File
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\7-Zip\7-zip.dll [2009-02-03] (Igor Pavlov) [File not signed]
ContextMenuHandlers4: [SystemSpeedupFoldersMenu] -> {700866bb-c8e9-3e71-b359-abb28baed0e8} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\WINDOWS\system32\igfxDTCM.dll [2020-06-04] (Microsoft Windows Hardware Compatibility Publisher -> Intel Corporation)
ContextMenuHandlers5: [SystemSpeedupDesktopMenu] -> {0cab5786-30e8-3185-9b3b-ccefbf1b8afe} => C:\Program Files (x86)\Avira\System Speedup\Avira.SystemSpeedup.UI.ShellExtension.DLL [2020-09-01] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
ContextMenuHandlers6: [Shell Extension for Malware scanning] -> {45AC2688-0253-4ED8-97DE-B5370FA7D48A} => C:\Program Files (x86)\Avira\Antivirus\shlext64.dll [2021-03-19] (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

==================== Loaded Modules (Whitelisted) =============

2012-02-22 16:46 - 2012-02-22 16:46 - 001135616 _____ () [File not signed] [File is in use] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMSWrap.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000027648 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AudioExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000031232 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\Autobackup.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000029184 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AutoChaptering.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 004671488 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avcodec-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000686080 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avformat-52.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000070656 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\avutil-50.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000656896 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ContentDirectoryPresenter.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000105472 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMCDP.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 005717504 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DCMImgExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000098816 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\FolderCDP.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000063488 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ID3Driver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000012288 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ImageExtractor.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000399826 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexif-12.dll.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000147456 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libexpat.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000290304 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libKeyFrame.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000289792 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\libThumbnail.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000077312 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MetadataFramework.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000450560 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\MoodExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000024064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\photoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000023040 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RichInfoDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000054784 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\RosettaAllShare.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000024064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\SECMetaDriver.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000520234 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\sqlite3.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000152064 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\swscale-0.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000366592 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\tag.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000013824 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\TextExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\ThumbnailMaker.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000044032 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\us.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000017920 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoExtractor.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000133120 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoMetadataDriver.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000012288 _____ () [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\VideoThumb.dll
2018-06-23 13:59 - 2018-06-21 12:50 - 048935936 _____ () [File not signed] C:\ProgramData\BlueStacks\CefData\libcef.dll
2014-04-17 22:14 - 2014-04-17 22:14 - 000153600 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH.dll
2014-04-17 22:13 - 2014-04-17 22:13 - 000158720 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll
2014-04-17 22:13 - 2014-04-17 22:13 - 000075264 _____ (AMD) [File not signed] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEnu.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000016216 _____ (Hewlett-Packard Company -> ) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\Interop.HPQWMIEXLib.dll
2013-01-23 21:43 - 2013-01-23 21:43 - 002452824 _____ (Hewlett-Packard Company -> Hewlett-Packard Company) [File not signed] C:\Program Files (x86)\Hewlett-Packard\Shared\hputils.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000068440 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslSmBios.dll
2013-01-23 21:44 - 2013-01-23 21:44 - 000524632 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\Shared\CaslWmi.dll
2021-03-18 21:51 - 2021-03-18 21:51 - 000113496 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\WINDOWS\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll
2021-03-18 21:51 - 2021-03-18 21:51 - 000092504 _____ (Hewlett-Packard Company -> Hewlett-Packard Development Company L.P.) [File not signed] [File is in use] C:\WINDOWS\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll
2013-03-26 21:12 - 2013-03-26 21:12 - 000056832 _____ (Hewlett-Packard Development Company, L.P.) [File not signed] [File is in use] C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HP.Mobile.Shared.dll
2009-02-03 13:10 - 2009-02-03 13:10 - 000104960 _____ (Igor Pavlov) [File not signed] C:\Program Files\7-Zip\7-zip.dll
2013-07-30 08:25 - 2013-07-30 08:25 - 000286720 _____ (Intel Corporation) [File not signed] [File is in use] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\PsiData.dll
2014-08-20 12:01 - 2013-12-20 16:38 - 000073728 _____ (Intel Corporation) [File not signed] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.dll
2013-07-30 08:25 - 2013-07-30 08:25 - 000514560 _____ (Intel Corporation) [File not signed] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\ISDI2.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000765952 _____ (LIBGD Development Team) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\bgd.dll
2014-09-21 05:06 - 2009-07-14 12:29 - 000271360 ____R (Microsoft Corporation) [File not signed] C:\Windows\System32\oobe\wdscore.dll
2012-01-05 22:40 - 2012-01-05 22:40 - 000086070 _____ (Open Source Software community project) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\pthreadVC2.dll
2012-02-22 16:46 - 2012-02-22 16:46 - 000042496 _____ (Samsung Electronics) [File not signed] C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\DirectoryScanner.dll

==================== Alternate Data Streams (Whitelisted) ========

==================== Safe Mode (Whitelisted) ==================

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) ==========

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://securesearch.org/homepage?hp=2&pId=BT170902&iDate=2021-04-18 05:12:26&iid=2441f25c-e352-47c3-abe9-3ee381184fc1&bName=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxps://search.avira.net/#web/result?source=art&q=
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxps://search.avira.net/#web/result?source=art&q=
SearchScopes: HKU\S-1-5-21-993510031-3225739286-1372905849-1000 -> {993F5746-4C15-42BC-99C1-064A1764271B} URL = hxxps://securesearch.org?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle America, Inc. -> Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation -> Microsoft Corporation)

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\webcompanion.com -> hxxp://webcompanion.com

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 05:34 - 2009-06-11 00:00 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files\Common Files\Microsoft Shared\Windows Live;C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;C:\ProgramData\Oracle\Java\javapath;c:\Program Files (x86)\Intel\iCLS Client\;c:\Program Files\Intel\iCLS Client\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x86;C:\Program Files (x86)\Intel\OpenCL SDK\3.0\bin\x64;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files (x86)\Windows Live\Shared;C:\Program Files (x86)\HP\Common\HPDestPlgIn\;C:\Program Files (x86)\HP\IdrsOCR_15.2.10.1114\;%SYSTEMROOT%\System32\OpenSSH\
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Pyrpyl_HP\Downloads\meadow_sunset_-wallpaper-1366x768.jpg
DNS Servers: 172.16.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer => (SmartScreenEnabled: )
HKLM\software\microsoft\Windows\CurrentVersion\Telephony\Providers => ProviderFileName2 -> ndptsp.tsp (No File)
Windows Firewall is enabled.

Network Binding:
=============
Local Area Connection 3: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 
Wi-Fi: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 
Local Area Connection: HTC NDIS Protocol Driver -> MS_NDISPROT (enabled) 

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

MSCONFIG\startupfolder: C:^Users^Pyrpyl_HP^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^JB.PARANOID.bravo_INT2SD _v.0.3.zip.lnk => C:\Windows\pss\JB.PARANOID.bravo_INT2SD _v.0.3.zip.lnk.Startup
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Norton Ghost 15.0 => "C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe"
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Power2GoExpress8 => NA

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [UDP Query User{CC8748B3-6EEA-43B5-8BC0-E868377B6ECE}C:\users\pyrpyl_hp\appdata\local\viber\viber.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\viber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)
FirewallRules: [TCP Query User{273A53A0-397F-4399-A0EA-49BD0196473C}C:\users\pyrpyl_hp\appdata\local\viber\viber.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\viber.exe (Viber Media S.à r.l. -> Viber Media S.à r.l.)
FirewallRules: [{F41288DB-A3CE-4436-9EE4-74B9E438A4C6}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{B9D2D8A5-83C8-4E50-A532-C68FBD854140}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{4C211D2B-D0A9-4B8B-8FBC-AEB7B5F71036}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{1311AC96-28CF-4859-BFA5-D9B0184236D4}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [UDP Query User{6874688B-5FC4-4594-B372-BD7019D5AB7E}C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe (Viber Media S.à r.l. -> The Qt Company Ltd.)
FirewallRules: [TCP Query User{FFBEAB7F-E331-41DE-AC3A-C484DEC896FC}C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe] => (Allow) C:\users\pyrpyl_hp\appdata\local\viber\qtwebengineprocess.exe (Viber Media S.à r.l. -> The Qt Company Ltd.)
FirewallRules: [UDP Query User{69CFE0B4-F994-41E0-8CC8-ADBF07305B19}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [TCP Query User{446FBC70-85E3-4188-87F2-9E11B4FEE1D5}C:\program files\ivms-4200 station\nginx\nginx.exe] => (Allow) C:\program files\ivms-4200 station\nginx\nginx.exe () [File not signed]
FirewallRules: [UDP Query User{7E02F2A8-6AB9-4AFF-9DFA-60F3A2070C5A}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [TCP Query User{84F98222-DDA9-4E32-B0F1-5CBDF444D765}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{B6135F24-EC60-4882-80D8-BCED446E9F02}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{837C914B-B849-4A8C-91EE-147DC5CD887E}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{77FC6A0A-C1DA-472D-93A7-20FC3A93E8D2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{04B110BD-9286-49A9-9F34-C1FBC5840EA5}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe (TeamViewer Germany GmbH -> TeamViewer Germany GmbH)
FirewallRules: [{44FCBED9-3B8E-42D2-8696-C1E3C1DC22DB}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{EB16DD33-EA19-47D7-A4BE-D69B043556FE}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{74C59F99-B422-46A7-BF8F-A266FAB63A78}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{3636DD74-D6AB-4803-95D6-8EC72A5ECBE1}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{DA35BEAE-D06A-4864-9C0C-625AFCFDD9E6}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{C93B4FBB-B2C6-4DB8-A714-388B8CDF8E64}] => (Allow) C:\Users\Pyrpyl_HP\Desktop\AnyDesk.exe (philandro Software GmbH -> philandro Software GmbH)
FirewallRules: [{20C11392-D102-4962-BD90-EA8D3351825B}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{5608E4EE-27AB-4218-A779-8E7664A529AF}] => (Allow) C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D708187D-39FD-458D-B357-FC8620CA805D}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareAgent.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{CE77C007-51CA-446E-BF58-76C2ABC226AF}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShare.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{BCB89AEE-EDAC-47EB-B08F-4EE397A33745}] => (Allow) C:\Program Files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe (Samsung Electronics CO., LTD. -> Samsung Electronics Co., Ltd.)
FirewallRules: [{8AD12C81-8718-4BC8-B534-D3FDA060BD50}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\HPNetworkCommunicatorCom.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{22F4D029-4E51-48CE-A5FA-A7A7FEB3B5A1}] => (Allow) LPort=5357
FirewallRules: [{590E6D4F-0F79-4110-9637-A7855BED20B7}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\Bin\DeviceSetup.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6A6B6270-FA06-4884-8932-6CCEF47A2D39}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\DigitalWizards.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{F21A997F-EF5E-4BC9-BF5B-8DA1D61A3732}] => (Allow) C:\Program Files\HP\HP LaserJet MFP M28-M31\bin\EWSProxy.exe (Hewlett Packard -> HP Inc.)
FirewallRules: [{6C59D8DB-3030-47C7-84A6-AC523A1EB767}] => (Allow) C:\Program Files (x86)\BlueStacks\HD-Player.exe (BlueStack Systems, Inc.) [File not signed]
FirewallRules: [{CDABA8BC-AF4D-45AF-8465-ECD719020281}] => (Allow) C:\Program Files (x86)\Sony\Xperia Companion\XperiaCompanion.exe (Sony Mobile Communications AB -> Sony) [File not signed]
FirewallRules: [{BC57253B-B18B-4BF6-8C92-491599DA2597}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> )
FirewallRules: [{3492A51A-4096-4B9C-9FFB-428F38454063}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe (Sony Mobile Communications -> )
FirewallRules: [{47795ED5-7200-4C1F-86E0-355CA24AB86F}] => (Allow) LPort=1900
FirewallRules: [{C01E67AC-6589-4C6A-97B4-4F81C5ACB834}] => (Allow) LPort=2869
FirewallRules: [{3D08827F-1C73-4962-8932-5D4724C810CA}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [UDP Query User{0FF0DE7E-426C-48F3-BD27-0F19305E7632}C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [TCP Query User{D96F8B51-503E-4A7C-AE2A-6733D889C599}C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe] => (Allow) C:\users\pyrpyl_hp\appdata\roaming\utorrent\utorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{0D5E6EBB-78F9-4072-A67E-EC444BF470DE}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{394201A7-8BA4-4A57-BC6C-62A43960F5C8}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{889CA730-E5E7-4835-AB0C-723111BDEB24}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [{F9066B61-9EC9-4FD7-9CCC-299361C0C67C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\.minecraft\minecraft launcher\Minecraft Launcher.exe (TeamExtreme) [File not signed]
FirewallRules: [UDP Query User{822E41B9-C6A9-424B-9A92-31529E40D8FD}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{E293F24D-0385-4587-BC2A-44BECEF9E244}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{F3238335-A324-4085-AA69-5A62B70F2E43}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [UDP Query User{56CC1386-60F3-4C57-8337-1A67C320EE72}C:\program files\kodi\kodi.exe] => (Allow) C:\program files\kodi\kodi.exe (XBMC Foundation) [File not signed]
FirewallRules: [TCP Query User{F567F32B-DC18-4E30-A504-6E160F75EABC}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [UDP Query User{C679A516-6FC9-47BD-9C35-139DBDC47466}C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe] => (Allow) C:\program files\ivms-4200 station\ivms-4200\ivms-4200 client\ivms-4200.exe (HANGZHOU HIKVISION DIGITAL TECHNOLOGY CO.,LTD. -> )
FirewallRules: [{977F26C5-E411-4365-87E8-C82B1AE62364}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [{44F606E4-9FCF-4DAB-B573-B752D1CB3345}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{4441728B-0242-45B7-A5D4-A6FAE4C5EA99}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{9205CA75-3436-481F-869D-76E5E939312F}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{AFDCEA3B-3FD7-4893-B526-87D6DEC0D57C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{95BC06BB-17A0-417D-A1FB-28E0B4658F4E}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{765E33B4-4949-493D-BFF8-914B9952B18C}] => (Allow) C:\Users\Pyrpyl_HP\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc -> BitTorrent Inc.)
FirewallRules: [{5F6B9FFA-7C2C-4507-BA9B-0319AD0D1833}] => (Block) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{729A7E5B-80AA-4A5B-948F-4CC8A98236B5}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)
FirewallRules: [{ACC43F2B-8830-43AA-BE19-F09E532DD039}] => (Allow) C:\Program Files (x86)\Avira\SoftwareUpdater\avirasoftwareupdatertoastnotificationsbridge.exe (Avira Operations GmbH & Co. KG -> Avira Operations GmbH & Co. KG)

==================== Restore Points =========================

07-04-2021 18:20:39 Revo Uninstaller Pro's restore point - Google Chrome
09-04-2021 07:35:15 09.04
16-04-2021 18:36:54 Windows Modules Installer
17-04-2021 21:25:03 AdwCleaner_BeforeCleaning_17/04/2021_21:24:59

==================== Faulty Device Manager Devices ============


==================== Event log errors: ========================

Application errors:
==================
Error: (04/18/2021 10:06:28 AM) (Source: Automatic LiveUpdate Scheduler) (EventID: 101) (User: Pyrpyl_HP-PC)
Description: Event-ID 101

Error: (04/18/2021 10:02:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Player.exe, version: 4.3.28.4020, time stamp: 0x5b2b71b7
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xe0434352
Fault offset: 0x0000000000034b59
Faulting process id: 0x834
Faulting application start time: 0x01d7341fb06b77c1
Faulting application path: C:\Program Files (x86)\BlueStacks\HD-Player.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 3b1b8f10-b0cb-40e6-8250-90e8dcbf8fc5
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/18/2021 10:02:59 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HD-Player.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at Microsoft.Win32.RegistryKey.Win32Error(Int32, System.String)
   at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(System.String, Microsoft.Win32.RegistryKeyPermissionCheck, System.Object, Microsoft.Win32.RegistryOptions)
   at Microsoft.Win32.RegistryKey.CreateSubKey(System.String)
   at BlueStacks.hyperDroid.Common.RegistryManager.Init(System.String[])
   at BlueStacks.hyperDroid.Common.RegistryManager.get_Instance()
   at BlueStacks.hyperDroid.Common.Logger.LogLevelsInit()
   at BlueStacks.hyperDroid.Common.Logger.InitLogAtPath(System.String, System.String, Boolean)
   at BlueStacks.hyperDroid.VMHost.Program.InitLog()
   at BlueStacks.hyperDroid.VMHost.Program.Main(System.String[])

Error: (04/18/2021 09:55:00 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: HD-Quit.exe, version: 4.3.28.4020, time stamp: 0x5b2b71b5
Faulting module name: KERNELBASE.dll, version: 10.0.19041.906, time stamp: 0x2f2f77bf
Exception code: 0xe0434352
Fault offset: 0x0000000000034b59
Faulting process id: 0x2de8
Faulting application start time: 0x01d7341fbac137e1
Faulting application path: C:\Program Files (x86)\BlueStacks\HD-Quit.exe
Faulting module path: C:\WINDOWS\System32\KERNELBASE.dll
Report Id: 2a47e833-3a07-44e9-8320-a4d655dea126
Faulting package full name: 
Faulting package-relative application ID:

Error: (04/18/2021 09:55:00 AM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: HD-Quit.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.UnauthorizedAccessException
   at Microsoft.Win32.RegistryKey.Win32Error(Int32, System.String)
   at Microsoft.Win32.RegistryKey.CreateSubKeyInternal(System.String, Microsoft.Win32.RegistryKeyPermissionCheck, System.Object, Microsoft.Win32.RegistryOptions)
   at Microsoft.Win32.RegistryKey.CreateSubKey(System.String)
   at BlueStacks.hyperDroid.Common.RegistryManager.Init(System.String[])
   at BlueStacks.hyperDroid.Common.RegistryManager.get_Instance()
   at BlueStacks.hyperDroid.Common.Logger.LogLevelsInit()
   at BlueStacks.hyperDroid.Common.Logger.InitLogAtPath(System.String, System.String, Boolean)
   at BlueStacks.hyperDroid.Quit.Quit.Init()
   at BlueStacks.hyperDroid.Quit.Quit.Main(System.String[])

Error: (04/18/2021 05:44:25 AM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft Office Office 64-bit Components 2010 - Update 'Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\MSI5c940.LOG.

Error: (04/18/2021 01:25:36 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (I:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)

Error: (04/18/2021 01:25:16 AM) (Source: Microsoft-Windows-Defrag) (EventID: 264) (User: )
Description: The storage optimizer couldn't complete retrim on (G:) because: The operation requested is not supported by the hardware backing the volume. (0x8900002A)


System errors:
=============
Error: (04/18/2021 05:44:25 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (04/17/2021 11:52:25 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x8024200b: Update for Microsoft Office 2010 (KB2553347) 32-Bit Edition.

Error: (04/17/2021 11:31:58 PM) (Source: DCOM) (EventID: 10010) (User: Pyrpyl_HP-PC)
Description: The server Microsoft.SkypeApp_15.67.99.0_x86__kzf8qxf38zg5c!App.AppXtwmqn4em5r5dpafgj4t4yyxgjfe0hr50.mca did not register with DCOM within the required timeout.

Error: (04/17/2021 10:09:53 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (04/17/2021 10:09:53 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\PYRPYL~1\AppData\Local\Temp\ehdrv.sys

Error: (04/17/2021 10:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading

Error: (04/17/2021 10:09:52 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\PYRPYL~1\AppData\Local\Temp\ehdrv.sys

Error: (04/17/2021 10:09:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
This driver has been blocked from loading


CodeIntegrity:
===============
Date: 2021-04-17 21:31:21
Description: 
Windows is unable to verify the image integrity of the file \Device\HarddiskVolume7\Program Files (x86)\Avira\Antivirus\avirasecuritycenteragentwin7.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2021-04-17 21:29:24
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\System32\CastSrv.exe) attempted to load \Device\HarddiskVolume7\Program Files (x86)\ATI Technologies\HydraVision\HydraDMH64.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

Date: 2021-04-17 10:54:30
Description: 
Code Integrity determined that a process (\Device\HarddiskVolume7\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume7\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

BIOS: Hewlett-Packard L74 Ver. 01.47 07/30/2018
Motherboard: Hewlett-Packard 1942
Processor: Intel(R) Core(TM) i5-4200M CPU @ 2.50GHz
Percentage of memory in use: 57%
Total physical RAM: 7625.11 MB
Available physical RAM: 3273.45 MB
Total Virtual: 13625.11 MB
Available Virtual: 8138.11 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:215.03 GB) (Free:78.25 GB) NTFS
Drive d: (Multimedia) (Fixed) (Total:622.93 GB) (Free:278.54 GB) NTFS
Drive e: () (Fixed) (Total:7.79 GB) (Free:7.49 GB) FAT32 ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:7.81 GB) (Free:7.44 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive g: () (Fixed) (Total:7.81 GB) (Free:7.57 GB) NTFS
Drive h: (Restore) (Fixed) (Total:97.66 GB) (Free:94.18 GB) NTFS
Drive i: () (Fixed) (Total:195.31 GB) (Free:53.27 GB) NTFS

\\?\Volume{00014549-0000-0000-0000-10b637000000}\ () (Fixed) (Total:0.72 GB) (Free:0.14 GB) NTFS

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 2AF29C89)
Partition 1: (Not Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=720.6 GB) - (Type=0F Extended)

==========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 223.6 GB) (Disk ID: 00014549)
Partition 1: (Active) - (Size=7.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=215 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=733 MB) - (Type=27)

==================== End of Addition.txt =======================

 

 

 


Now things look good..! :)

Fix with Farbar Recovery Scan Tool

  • Right-click the FRST icon and select Run as administrator
  • Select the information in the box below, then press the Ctrl + C keys at the same time and the text will be copied
  • There is no need to paste the information; FRST will do it for you.
Start::
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
U3 idsvc; no ImagePath
IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{822E41B9-C6A9-424B-9A92-31529E40D8FD}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{E293F24D-0385-4587-BC2A-44BECEF9E244}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File

C:\Program Files (x86)\Lavasoft\Web Companion

End::

 

NOTE: This script was written specifically for this user and for this particular machine. Running the fix on another computer may damage your operating system.

Press the Fix button only once and wait.
Note: You do not need to paste the script into FRST.
Restart the computer if prompted.
When the fix is complete, FRST will generate a log in the same location it was run from (Fixlog.txt).
Please copy and paste its contents into your reply.


Again it did not ask for a restart. This is the log file:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-04-2021
Ran by Pyrpyl_HP (18-04-2021 10:51:18) Run:4
Running from C:\Users\Pyrpyl_HP\Desktop
Loaded Profiles: Pyrpyl_HP
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [] => [X]
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Policies\system: [shell] explorer.exe <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
U3 idsvc; no ImagePath
IE trusted site: HKU\S-1-5-21-993510031-3225739286-1372905849-1000\...\webcompanion.com -> hxxp://webcompanion.com
FirewallRules: [UDP Query User{822E41B9-C6A9-424B-9A92-31529E40D8FD}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
FirewallRules: [TCP Query User{E293F24D-0385-4587-BC2A-44BECEF9E244}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe] => (Allow) G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe => No File
C:\Program Files (x86)\Lavasoft\Web Companion

*****************

Restore point was successfully created.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Run\\" => removed successfully
"HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Policies\system\\shell" => removed successfully
C:\ProgramData\NTUSER.pol => moved successfully
"HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion" => removed successfully
HKLM\System\CurrentControlSet\Services\idsvc => removed successfully
idsvc => service removed successfully
HKU\S-1-5-21-993510031-3225739286-1372905849-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{822E41B9-C6A9-424B-9A92-31529E40D8FD}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe" => removed successfully
"HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{E293F24D-0385-4587-BC2A-44BECEF9E244}G:\games\sniper.ghost warrior 2.collector's edition.v 1.04 + 2 dlc\bin32\sniperghostwarrior2.exe" => removed successfully
"C:\Program Files (x86)\Lavasoft\Web Companion" => not found

==== End of Fixlog 10:51:38 ====


Great..! :)

In that case, for my part, I think we can head toward the finish..!

To uninstall FRST and remove all of its files, please do the following:

  • Rename FRST.exe to Uninstall.exe
  • Double-click Uninstall.exe to run it

Your computer will restart and FRST and all of its files will be removed.

KpRm

Download KpRm from kernel-panik and save it to your desktop.

  • Right-click kprm_(version).exe and select Run as administrator.
  • When the tool opens, make sure all the boxes are checked and select Run.


  • When finished, click OK.
  • A log titled kprm-(date).txt will open in Notepad.
  • Please copy and paste its contents into your next reply.

 

 


Done:

# Run at 18.4.2021 'г.' 13:00:01 'ч.'
# KpRm (Kernel-panik) version 2.9
# Website https://kernel-panik.me/tool/kprm/
# Run by Pyrpyl_HP from C:\Users\Pyrpyl_HP\Desktop
# Computer Name: PYRPYL_HP-PC
# OS: Windows 10 X64 (19042) 
# Number of passes: 1

- Checked options -

    ~ Registry Backup
    ~ Delete Tools
    ~ Restore System Settings
    ~ UAC Restore
    ~ Delete Restore Points
    ~ Create Restore Point
    ~ Delete Quarantines after 7 days

- Create Registry Backup -

   ~ [OK] Hive C:\WINDOWS\System32\config\SOFTWARE backed up
   ~ [OK] Hive C:\Users\Pyrpyl_HP\NTUSER.dat backed up

     [OK] Registry Backup: C:\KPRM\backup\2021-04-18-13-00-00

- Delete Tools -


  ## AdwCleaner
     [OK] C:\Users\Pyrpyl_HP\Desktop\adwcleaner_8.2.exe deleted
     [OK] C:\Users\Pyrpyl_HP\Downloads\adwcleaner_8.2.exe deleted

  ## CrystalDiskInfo (portable)
     [OK] C:\Users\Pyrpyl_HP\Downloads\CrystalDiskInfo8_8_5 deleted
     [OK] C:\Users\Pyrpyl_HP\Downloads\CrystalDiskInfo8_8_5.zip deleted

  ## ESET Online Scanner
     [OK] C:\Users\Pyrpyl_HP\Desktop\ESET Online Scanner.lnk deleted
     [OK] C:\Users\Pyrpyl_HP\Desktop\esetonlinescanner.exe deleted
     [OK] C:\Users\Pyrpyl_HP\Downloads\esetonlinescanner.exe deleted

  ## FRST
     [OK] C:\Users\Pyrpyl_HP\Downloads\FRST64.exe deleted
     [OK] C:\Users\Pyrpyl_HP\Downloads\MEmu Download\FRST64.exe deleted

- Other Lines -


  ## Quarantines that will be deleted in 7 days (2021/04/25)
    ~ C:\AdwCleaner (AdwCleaner)
    ~ C:\Users\Pyrpyl_HP\AppData\Local\ESET\ESETOnlineScanner (ESET Online Scanner)

- Restore System Settings -

     [OK] Reset WinSock
     [OK] FLUSHDNS
     [OK] Hide Hidden file.
     [OK] Show Extensions for known file types
     [OK] Hide protected operating system files

- Restore UAC -

     [OK] Set EnableLUA with default (1) value
     [OK] Set ConsentPromptBehaviorAdmin with default (5) value
     [OK] Set ConsentPromptBehaviorUser with default (3) value
     [OK] Set EnableInstallerDetection with default (0) value
     [OK] Set EnableSecureUIAPaths with default (1) value
     [OK] Set EnableUIADesktopToggle with default (0) value
     [OK] Set EnableVirtualization with default (1) value
     [OK] Set FilterAdministratorToken with default (0) value
     [OK] Set PromptOnSecureDesktop with default (1) value
     [OK] Set ValidateAdminCodeSignatures with default (0) value

- Clear Restore Points -

   ~ [OK] RP named 09.04 created at 04/09/2021 04:35:15 deleted
   ~ [OK] RP named Windows Modules Installer created at 04/16/2021 15:36:54 deleted
   ~ [OK] RP named AdwCleaner_BeforeCleaning_17/04/2021_21:24:59 created at 04/17/2021 18:25:03 deleted
     [OK] All system restore points have been successfully deleted

- Create Restore Point -

     [OK] System Restore Point created

- Display System Restore Point -

   ~ [I] RP named KpRm created at 04/18/2021 10:00:42

-- KPRM finished in 57.79s --


Great..! :)

Now.. regarding the antivirus program... I have shared my opinion on this eternal question many times.. so I will quote it once again:

Quote

The choice of an antivirus program is a personal one, and it should be based on your needs, technical skills, experience and capabilities, the user guides offered by the antivirus companies, ease of updating (and of upgrading to a new version of the program), easy installation, technical support and price. In addition, very important factors when choosing an antivirus program are: detection rates and methods, scanning efficiency, how often the virus definitions are updated, the amount of resources the program uses, how that may affect system performance, whether it has good protection against ransomware... and what will work best for your system and how. If an antivirus program works well for one computer system.. it may not work the same for another. There is no universal "one size fits all" that works for everyone. There is no single best antivirus program. You will never be 100% protected, but you can try out what works best for you and your system.. Combine, research, ask, learn. It is your system and you know exactly what you want and how you want it. You need to have the right habits in what you do with your computer: - Browse sensibly, do not visit suspicious websites and check that the website is the genuine one. Download from the internet intelligently. - Do not use cracks / keygens outside a virtual environment.... and Imaging Backup is a must..! :)

My personal opinion is to rely on Windows 10's antivirus, Windows Defender, which is good enough, especially when supplemented and configured with ConfigureDefender ... or to add Andy Ful's whole package ... Hard_Configurator


Thanks. As far as I can see, these are different configurators for tuning Microsoft's stock antivirus. If so, what are the reasons people use paid programs? The computers at my workplace (a relatively large company with over 300 computers, several servers and operator stations for monitoring and control and technological protections of continuous work processes) are equipped with Norton antivirus and are maintained by 5 system administrators.

Thanks anyway, I will think about it and make a decision. Have a nice day!

26 minutes ago, pyrpyl wrote:

If so, what are the reasons people use paid programs?

Well.. modern computer protection is based on protective layers (multi-layered protection)..! Only the paid integrated suites provide that.. and as someone once said.. there is no free lunch...! And every antivirus company offers corporate versions of its software... and any manager who respects himself and the company would not allow gaps in its antivirus security..! As for how far 5 system administrators take care of that security... I cannot comment..! So what computer have we cleaned so far...? A personal one or a work one..? If it is your work one... we simply did the job of one of your system administrators..! And honestly, if I had known that... whether it is a work or a personal one.. I would have thought hard about whether to help you..! If it is personal.. OK, no problem.. but if it is a work one.... what do you think.... should I be earning some admin's salary for him....?!?


Personal opinion.

If my computer is a home one and it gets infected with a virus, and especially if it automatically redirects me to sites that have "ru" after the dot, then I always reinstall, and even format the disk as well.

If the computer is a work one, then the administrators are responsible for it. Bearing in mind that work machines are also connected in a network, the infection of a single computer makes the job "long and wide" and raises quite a few questions about the entry point :)
